[HCoop-Discuss] SVN security issues

Karl Chen quarl at cs.berkeley.edu
Wed Nov 8 04:36:19 EST 2006


>>>>> On 2006-11-06 16:21 PST, Marcus Rueckert writes:

    Marcus> i would veto. this should not be part of svn. The
    Marcus> helper is called sudo.  you just need to configure it.
    Marcus> if you dont like my proposal for the
    Marcus> configuration. than come up with a better one.

I did consider the sudo workaround before I came up with the exec
helper proposal, and I believe the exec helper proposal is better.
It would be probably a 1 or 2 line change.

The sudo workaround prevents the user from being able to
administer his own repository, which may be worse than not
allowing hooks and would prevent the hook from modifying the
repository anyway.

Cheers.

-- 
Karl 2006-11-08 01:26




More information about the HCoop-Discuss mailing list