Stefan Schweizer wrote: > > Serverside checks are overkill imo since we check that later ourselves when > reviewing. It is also harder to implement in general and especially now > because the administrator of the server, jokey, has exams this week. >
Nope, you need them to avoid "smart stupid" situation: - smart enough to circumvent the checks - stupid enough to commit something that doesn't pass the checks or just because I'm paranoid and you may add $bad_stuff in the global scope, bypass the checks clientside and let people have fun once they fetch the stuff.. just a check that prevents commands in global scope and/or shutting down sandbox is a must. lu -- Luca Barbato Gentoo/linux Gentoo/PPC http://dev.gentoo.org/~lu_zero -- gentoo-dev@gentoo.org mailing list
