Nikolas Coukouma wrote:
> Ian Holsman wrote:
>> While open source is fantastic and provides highly visible means,
>> it can still be hacked.
>>
>> I can describe what has happened in this case:
>>
>> 1. joe hacker hacks one of the 'open source groups' machines.
>>
>> at this point he is assumed to have access to the source code repository.
>>
> (snip)
>> b. he modifies the source code in the repository directly and in a
>> manner that doesn't generate an email/commit message.
>>
>> When something like this occurs (I'm not even sure if it is possible
>> in SVN, but I think it was in CVS), then the next time one of the core
>> developers updates their version of the code, they will see the code has
>> been changed...
> Assuming write access, you can modify REPO/hooks/post-commit.tmpl or
> whatever other hook you want to tamper with.

You can't so easily do that with svn.apache.org.  The SVN repository is
on a completely different machine than people.apache.org, where
committers have shell access.

Only a few ASF members have access to eris.apache.org, and even fewer
have root access.

-Paul
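
A defender's check for the hook tampering discussed in this thread, added here as an example and not code from any poster or from the ASF: it records a SHA-256 baseline of every file under REPO/hooks and reports files that were later modified, added or removed. The function names and the sample repository layout are constructed for illustration, and the baseline is assumed to be stored somewhere other than the repository host.

```python
import hashlib
import os
import tempfile


def snapshot_hooks(repo_path):
    """Map each file in REPO/hooks to (sha256 hex digest, is-executable)."""
    hooks_dir = os.path.join(repo_path, "hooks")
    manifest = {}
    for name in sorted(os.listdir(hooks_dir)):
        path = os.path.join(hooks_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        # The executable bit is tracked too: on Unix, Subversion only runs
        # hook files that are executable, so a chmod alone changes behaviour.
        manifest[name] = (digest, os.access(path, os.X_OK))
    return manifest


def diff_hooks(baseline, current):
    """Return a sorted list of (kind, name) differences between two snapshots."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append(("removed", name))
        elif name not in baseline:
            findings.append(("added", name))
        elif baseline[name] != current[name]:
            findings.append(("modified", name))
    return findings


def demo():
    """Build a constructed repository in a temp dir and diff it after changes."""
    with tempfile.TemporaryDirectory() as repo:
        hooks = os.path.join(repo, "hooks")
        os.mkdir(hooks)
        samples = {"post-commit.tmpl": "#!/bin/sh\n# template\n",
                   "post-commit": "#!/bin/sh\n# sends commit mail (constructed)\n"}
        for name, body in samples.items():
            with open(os.path.join(hooks, name), "w") as fh:
                fh.write(body)
        os.chmod(os.path.join(hooks, "post-commit"), 0o755)
        baseline = snapshot_hooks(repo)
        # Constructed changes: the mail hook is replaced and a new hook appears.
        for name in ("post-commit", "pre-commit"):
            with open(os.path.join(hooks, name), "w") as fh:
                fh.write("#!/bin/sh\nexit 0\n")
        return diff_hooks(baseline, snapshot_hooks(repo))
```

Calling `demo()` returns the two differences from the constructed baseline; in practice `snapshot_hooks` would run on a schedule against the real repository path and `diff_hooks` would compare against the stored baseline.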
