1. Use patches sent by mail, optionally with GPG-signing.
Is the patch itself signed or just the email?
The former. Signing of patches is being worked on, but it's a
difficult problem (due to certain properties of Darcs).
I don't get this thing about sending patches by email.
It's
2006/1/30, Daniel Carrera [EMAIL PROTECTED]:
Hi all,
I'm trying to figure out the best way to have a main repository where
several can contribute. SSH seems to be the only alternative for this.
I'm thinking of having a single user (called 'darcs') and asking all
developers to send me their
Thiago Arrais wrote:
Maybe you could setup chrooted access.
Thanks. I like that idea. And thanks for the link. I'm discussing that
now with my friends.
This solves part of the problem, since your users will still be able
to use they access to upload and run malicious code. There should be
2006/1/31, Daniel Carrera [EMAIL PROTECTED]:
One of our developers says that we could design our own custom shell
that gives people access to darcs or rsync but nothing else.
Very interesting idea. I have been told that just by chrooting the
problem would be solved, but I couldn't grasp this
Thiago Arrais wrote:
One of our developers says that we could design our own custom shell
that gives people access to darcs or rsync but nothing else.
Very interesting idea. I have been told that just by chrooting the
problem would be solved, but I couldn't grasp this one yet. Have you
been
On Tue, Jan 31, 2006 at 09:16:41AM -0300, Thiago Arrais wrote:
This solves part of the problem, since your users will still be able
to use they access to upload and run malicious code. There should be a
solution for this too, though. How can we limit the users to run only
the darcs program
Hi all,
I'm trying to figure out the best way to have a main repository where
several can contribute. SSH seems to be the only alternative for this.
I'm thinking of having a single user (called 'darcs') and asking all
developers to send me their ssh key. But I'm concerned about the
security
I'm trying to figure out the best way to have a main repository where
several can contribute. SSH seems to be the only alternative for this.
There are two other alternatives:
1. Use patches sent by mail, optionally with GPG-signing.
2. Don't make it possible for all contributors to push
[EMAIL PROTECTED] wrote:
1. Use patches sent by mail, optionally with GPG-signing.
Is the patch itself signed or just the email? In other words, 3 years
from now, when I've forgotten all about that patch, will I still be able
to check the GPG signature?
I don't get this thing about