u: > intrigeri: >> u: >>> ln -s ../../wiki/src/contribute/l10n_tricks/pre-commit . >> >> This caught my eye before I could test this. >> >> I'd rather not ask all Tails contributors to run code, on every >> commit, that lives in a section of our website that's publicly >> writable. Please consider moving this script to bin/ :)
> With a notion of 'public' that allows only some people to write here, right? In theory, yes. I was definitely over-simplifying things above. You seem to be interested in the longer version of my reasoning so I'll write it up: - I believe that the only thing that prevent ikiwiki.cgi from allowing anyone with an Internet connection to edit arbitrary files under wiki/src/ is our lockedit plugin configuration. There's already been security issues in this part of the ikiwiki code so I'd rather not rely on it when we can cheaply avoid it. - For various reasons we tend to review changes under wiki/src/ less carefully than other changes so if someone exploited an ikiwiki bug and modified that pre-commit hook, chances are their code would run on a number of our systems before someone notices the problem. So yeah, in theory, assuming no software bugs, it's safe to put such code under wiki/src/; but it increases attack surface a fair bit, with no substantial benefit I can think of, so let's err on the safe side, as you did already, thanks! Now, this hook runs wiki/src/contribute/l10n_tricks/check_po.sh so the problem I'm describing above is still there. This could not fixed in pre-commit hook by calling submodules/jenkins-tools/slaves/check_po directly instead of going through the symlink. > I moved it to bin/ and will resend the email now. \o/ Cheers! -- intrigeri _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
