Hi!

intrigeri:
> u:
>> intrigeri:
>>> u:
>>>>   ln -s ../../wiki/src/contribute/l10n_tricks/pre-commit .
>>>
>>> This caught my eye before I could test this.
>>>
>>> I'd rather not ask all Tails contributors to run code, on every
>>> commit, that lives in a section of our website that's publicly
>>> writable. Please consider moving this script to bin/ :)
> 
>> With a notion of 'public' that allows only some people to write here, right?

>  - I believe that the only thing that prevent ikiwiki.cgi from
>    allowing anyone with an Internet connection to edit arbitrary files
>    under wiki/src/ is our lockedit plugin configuration.
>    There's already been security issues in this part of the ikiwiki
>    code so I'd rather not rely on it when we can cheaply avoid it.

Oops. I was not aware of that.
> So yeah, in theory, assuming no software bugs, it's safe to put such
> code under wiki/src/; but it increases attack surface a fair bit, with
> no substantial benefit I can think of, so let's err on the safe side,
> as you did already, thanks!

If there's a place for such scripts, let's put them there :)

> Now, this hook runs wiki/src/contribute/l10n_tricks/check_po.sh so the
> problem I'm describing above is still there. This could be fixed in the
> pre-commit hook by calling submodules/jenkins-tools/slaves/check_po
> directly instead of going through the symlink.

Agreed. I'll modify this, this will be transparent for the testers.

Cheers!
u.
_______________________________________________
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.
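One way to implement the check intrigeri asks for, as an added example that is not part of this thread and not Tails' own hook code: a pre-commit hook that invokes check_po from the jenkins-tools submodule directly and refuses to execute anything that either lives under, or resolves through a symlink into, wiki/src/ (the tree ikiwiki.cgi can edit). The repository layout, the helper names and the use of GNU `readlink -f` are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not the Tails project's own pre-commit hook.
# Assumes GNU coreutils (readlink -f) and the repository layout used below.
set -eu

# Canonicalize a path, resolving every symlink component.
canon() { readlink -f -- "$1"; }

# hook_target_is_safe REPO_ROOT SCRIPT
# Prints "ok" and returns 0 when SCRIPT is a regular file that sits inside
# REPO_ROOT but outside REPO_ROOT/wiki/src, both as given (so a symlink
# parked under wiki/src is rejected even if it points elsewhere) and after
# resolving symlinks (so .git/hooks/pre-commit -> wiki/src/... is rejected).
# Otherwise prints the reason and returns 1.
hook_target_is_safe() {
    root=$(canon "$1")
    given=$2
    [ -e "$given" ] || { echo "missing: $given"; return 1; }
    # Where the entry itself sits (directory canonicalized, name kept).
    entry=$(cd "$(dirname -- "$given")" && pwd -P)/$(basename -- "$given")
    # Where it finally points after following all symlinks.
    real=$(canon "$given")
    for p in "$entry" "$real"; do
        case "$p" in
            "$root"/wiki/src/*) echo "refused: $p is under wiki/src"; return 1 ;;
            "$root"/*) ;;
            *) echo "refused: $p is outside the repository"; return 1 ;;
        esac
    done
    [ -f "$real" ] || { echo "refused: $real is not a regular file"; return 1; }
    echo ok
}

# run_pre_commit REPO_ROOT
# Hook entry point: call the submodule's checker by its real path, never
# through a symlink under wiki/src/, and bail out if the guard above objects.
run_pre_commit() {
    root=$1
    checker=$root/submodules/jenkins-tools/slaves/check_po   # assumed path
    hook_target_is_safe "$root" "$checker" >/dev/null || {
        echo "pre-commit: refusing to run $checker" >&2
        return 1
    }
    "$checker"
}
```

Installed from bin/ (e.g. as `.git/hooks/pre-commit` calling `run_pre_commit "$(git rev-parse --show-toplevel)"`), the guard makes both of the layouts discussed in the thread fail closed: a hook symlinked into wiki/src/contribute/l10n_tricks/ is refused because its real path is under wiki/src, and wiki/src/contribute/l10n_tricks/check_po.sh is refused because the symlink itself is under wiki/src, even though it resolves into the submodule.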