That's not a security hole at all. Once a file was added, ignoring it will not remove past version from the repository. History in fossil is immutable. If you inadvertently added a file which shouldn't be there you should shun it instead.
On Tue, Apr 11, 2017 at 1:27 AM, Thomas <tho...@dateiliste.com> wrote: > On 2017-04-11 00:01, Thomas wrote: >> >> The --ignore argument as well as the .fossil-settings\ignore-glob file >> don't work for files or file masks that have been committed at some >> point after the repository has been created. Your work-around worked. >> After deleting some of these files, committing, changing, and committing >> again, they were ignored/not checked in afterwards. >> >> I'd say this is either a big design flaw or a bug. >> It's not mentioned anywhere in the documentation and is anything but >> logical and reasonable. > > > That's also a big security hole. > > Someone checks in a file > password.this_is_so_confidential_you_should_never_disclose_it_to_anyone.txt. > > Bang. > > > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
