On Mon, Aug 17, 2009 at 11:09:56AM -0700, Jason Dagit <[email protected]> wrote:
> In the past darcs has always been developed with the conceptual model that
> anyone who can push to your repository is trusted. In other words, security
> is handled at a layer external to darcs. Changing that assumption would
> take careful planning and consensus. Not impossible, but not simple either
> :)

The problem is that scripts like contrib/darcs-shell suggest that you can just give users a restricted shell and that will be secure. It's based on my original git-shell script, which *is* secure, but just porting to darcs makes it insecure, since in darcs it's possible to modify the commit hooks via patches, so basically you still have full shell access.

_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users
