Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Mike Frysinger <vapier@g.o>
Subject: Re: [experiment] Sunrise try 2
Date: Thu, 29 Jun 2006 00:33:22 -0400
On Sunday 25 June 2006 01:39, Mike Frysinger wrote:
> On Saturday 24 June 2006 18:54, Edward Catmur wrote:
> > * Security (from malicious contributors): Glad to see layman will only
> > track the reviewed/ tree; still, anyone who checks out the sunrise/ tree
> > (and has it in PORTDIR_OVERLAY) is vulnerable.
> >
> > - Remove from the examples any suggestion that one should check out the
> > whole tree when contributing. Point out that one should not svn up
> > sunrise/ as part of updating Portage.
>
> valid point i think
>
> ive never admined svn repos before, but would it be possible to shut off
> anon access to the non-reviewed tree ?  i think that would cover this issue
> as people who get bit by bugs in the non-reviewed tree would (and should)
> be able to just go in and fix it themselves :)

after looking at some acl stuff i'm 99% sure this can be done ... so can we 
get this setup ?

in fact, gentoo-wiki.com has a section on doing apache2/svn/dav/acls
-mike
Attachment:
pgpU0uKa77Gm8.pgp (PGP signature)
Replies:
Re: [experiment] Sunrise try 2
-- Stefan Schweizer
References:
[experiment] Sunrise try 2
-- Luca Barbato
Re: [experiment] Sunrise try 2
-- Edward Catmur
Re: [experiment] Sunrise try 2
-- Mike Frysinger
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: [experiment] Sunrise try 2
Next by thread:
Re: [experiment] Sunrise try 2
Previous by date:
Re: Assigning bugs to treecleaners
Next by date:
Re: [experiment] Sunrise try 2


Updated Jun 17, 2009

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.