Gentoo Archives: gentoo-dev

From: David Shakaryan <d@×××××.org>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] Re: [experiment] Sunrise try 2
Date: Thu, 29 Jun 2006 05:43:50
Message-Id: e7vp39$dhj$1@sea.gmane.org
In Reply to: Re: [gentoo-dev] [experiment] Sunrise try 2 by Mike Frysinger

Mike Frysinger wrote:
> On Saturday 24 June 2006 18:54, Edward Catmur wrote:
>> * Security (from malicious contributors): Glad to see layman will only
>> track the reviewed/ tree; still, anyone who checks out the sunrise/ tree
>> (and has it in PORTDIR_OVERLAY) is vulnerable.
>>
>> - Remove from the examples any suggestion that one should check out the
>> whole tree when contributing. Point out that one should not svn up
>> sunrise/ as part of updating Portage.
>
> valid point i think

The guide has been edited to inform users that they should *not* use the
sunrise/ tree for any reason other than committing. Now, in the
HowToCommit guide, near the instructions for checking out the sunrise/
tree, it clearly states that you should not set it as your
PORTDIR_OVERLAY, but use the reviewed/ instead.

>
> i've never admined svn repos before, but would it be possible to shut off anon
> access to the non-reviewed tree ? i think that would cover this issue as
> people who get bit by bugs in the non-reviewed tree would (and should) be
> able to just go in and fix it themselves :)

As far as I understand, not allowing anonymous users to check out the
sunrise/ directory *is* going to be implemented in the future, but you
should get a second word from genstef or jokey on that as I'm not
completely sure.

--
David Shakaryan
GnuPG Public Key: 0x4B8FE14B
