Nicolas Pouillard wrote:
> You can use a custom restricted shell for these users. You could only
> allow to call "darcs apply".

Taking something inherently insecure and patching it up in under-documented (on the Darcs side) ways is not a sound way of producing something secure. It would be prone to security-breaking mistakes and fragility with respect to changes in future Darcs versions. Also, I'd guess the set of operations needed is more than just "darcs apply"; perhaps scp to upload and download files, for example, and then how do you make sure that the file-changes comply with what Darcs needs?

> [Grant wrote:]
>> 5. Email (to accompany HTTP/HTTPS): Requires manual effort for patch
>> application or can't return sensible error messages (if it can, then
>> it can probably also serve as a spamming host).
>
> Manual efforts can be automated :)

To expand on my spamming host point; if patches are to be applied in an automated fashion, error messages need to reach the appropriate person, which means that the server will be able to email people. That would open it up to abuse as a spamming host, through sending it intentionally broken patches (or just fairly arbitrary emails) with a forged sender.

I am perhaps too paranoid in these matters, but I would think that paid sysadmins in general would be reluctant to expose Darcs these ways, for the same reasons.

G.

_______________________________________________
darcs-users mailing list
http://lists.osuosl.org/mailman/listinfo/darcs-users
