Bruce Stephens wrote:
Daniel Carrera <[EMAIL PROTECTED]> writes:
So it can only happen if the developer has SSH access. Tell me if I'm
wrong, but if you want developers to tunnel through SSH they can then
execute Monotone commands including "db execute". Right?
Indeed. So don't do that. Instead, offer a monotone server that
people can push to.
1) Some times SSH is the only choice.
2) SSH has security features that some projects may find very important.
You don't always want people to be able to read the stuff you send to
the server.
I offered what I believe to be a simple way to address the security
issue without adversely affecting users who want to use these commands.
Daniel.
_______________________________________________
Monotone-devel mailing list
Monotone-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/monotone-devel
