New submission from Zooko <[EMAIL PROTECTED]>: I'm using darcs to manage, among other things, another darcs repository. The recent security feature (in 1.0.6 a.k.a. 1.0.7pre1) has caused a problem because it notices that one of the patches is modifying "./trunk/_darcs/prefs/defaults" and aborts.
It makes sense to forbid patch files from modifying the _darcs directory of their *own* darcs repository, but it is wrong to forbid them to modify any directory whose name is "_darcs"! Just to be clear, the "./trunk/_darcs" is not the metadir for this darcs repo. That would be "./_darcs". Regards, Zooko ---------- messages: 671 nosy: droundy, tommy, zooko status: unread title: defense against malicious patch file oversteps its bounds ____________________________________ Darcs issue tracker <[EMAIL PROTECTED]> <http://bugs.darcs.net/issue177> ____________________________________ _______________________________________________ darcs-devel mailing list [email protected] http://www.abridgegame.org/cgi-bin/mailman/listinfo/darcs-devel
