On Sunday 25 June 2006 01:39, Mike Frysinger wrote:
> On Saturday 24 June 2006 18:54, Edward Catmur wrote:
> > * Security (from malicious contributors): Glad to see layman will only
> > track the reviewed/ tree; still, anyone who checks out the sunrise/ tree
> > (and has it in PORTDIR_OVERLAY) is vulnerable.
> >
> > - Remove from the examples any suggestion that one should check out the
> > whole tree when contributing. Point out that one should not svn up
> > sunrise/ as part of updating Portage.
>
> valid point i think
>
> i've never admined svn repos before, but would it be possible to shut off
> anon access to the non-reviewed tree ? i think that would cover this issue
> as people who get bit by bugs in the non-reviewed tree would (and should)
> be able to just go in and fix it themselves :)

after looking at some acl stuff i'm 99% sure this can be done ... so can we
get this set up ?

in fact, gentoo-wiki.com has a section on doing apache2/svn/dav/acls
-mike |
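
Added example, not part of the original message or the project's actual configuration: a path-based access file for mod_authz_svn that keeps reviewed/ readable anonymously while closing sunrise/ to everyone but authenticated contributors. The repository layout (both trees at the repository root), the group name and the user names are assumptions.

```ini
# Constructed sample of the file referenced by mod_authz_svn's
# AuthzSVNAccessFile directive. Assumed layout: one repository with
# reviewed/ and sunrise/ at its root. Group and user names are hypothetical.
# For anonymous reads to coexist with authenticated access, the Apache
# <Location> block also needs "Satisfy Any" and "Require valid-user".

[groups]
sunrise-devs = alice, bob

# Default for every path: anyone, anonymous included, may read.
[/]
* = r

# Reviewed tree: world-readable so layman users can track it without
# credentials; writable only by the group.
[/reviewed]
* = r
@sunrise-devs = rw

# Non-reviewed tree: the empty right-hand side denies everyone, which
# removes anonymous checkout and "svn up"; group members keep read/write.
[/sunrise]
* =
@sunrise-devs = rw
```

With this in place an anonymous `svn co` of the repository root returns only reviewed/, so a working copy listed in PORTDIR_OVERLAY cannot pick up unreviewed ebuilds without an account.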