Thus said Warren Young on Thu, 14 Dec 2017 12:13:18 -0700:

> Fossil arguably has a bug here, where if you check a change in as
> local user name ``tangent'', as I do here, then *later* do a ``fossil
> sync'' to a URL with a user name, some bit of the local on-disk state
> remembers that you originally cloned the repo as tangent and makes
> your changes under that name.

I disagree that this is a bug.  I consider it useful flexibility.

> I classify this as a bug because it could be used for an impersonation
> attack.

Fossil records which user synchronized the content in the recvfrom table
so the owner of the remote repository knows who did it if he cares.

As stated in the past, Fossil is meant for a tighter group of
developers---perhaps this perception has changed---one in which
impersonation is unlikely.

Andy
-- 
TAI64 timestamp: 400000005a3415b3


_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
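
The audit the reply above points to, as an added example that is not part of the original message or Fossil's own code: list check-ins whose recorded author differs from the login that delivered them. It assumes a simplified subset of the repository tables `rcvfrom` (the table the message calls recvfrom), `blob`, `event` and `user`; all rows are constructed and the login `remote_login` is hypothetical.

```python
import sqlite3

# Assumption: simplified subset of a Fossil repository schema, holding
# only the columns this audit needs.
SCHEMA = """
CREATE TABLE user(uid INTEGER PRIMARY KEY, login TEXT);
CREATE TABLE rcvfrom(rcvid INTEGER PRIMARY KEY, uid INTEGER,
                     mtime REAL, ipaddr TEXT);
CREATE TABLE blob(rid INTEGER PRIMARY KEY, rcvid INTEGER, uuid TEXT);
CREATE TABLE event(type TEXT, objid INTEGER, user TEXT);
"""

# Check-ins ('ci' events) whose author name is not the login recorded
# for the sync session that delivered the artifact.
AUDIT = """
SELECT blob.uuid, event.user, user.login, rcvfrom.ipaddr
  FROM event
  JOIN blob    ON blob.rid = event.objid
  JOIN rcvfrom ON rcvfrom.rcvid = blob.rcvid
  JOIN user    ON user.uid = rcvfrom.uid
 WHERE event.type = 'ci' AND event.user <> user.login
 ORDER BY blob.rid
"""

def build_sample():
    """Build an in-memory repository with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO user VALUES(?,?)",
                   [(1, "tangent"), (2, "remote_login")])
    # Two sync sessions, one per login (documentation-range addresses).
    db.executemany("INSERT INTO rcvfrom VALUES(?,?,?,?)",
                   [(1, 1, 2458102.2, "192.0.2.10"),
                    (2, 2, 2458102.3, "192.0.2.20")])
    db.executemany("INSERT INTO blob VALUES(?,?,?)",
                   [(10, 1, "aaaa1111"), (11, 2, "bbbb2222")])
    # Both check-ins carry the author name "tangent".
    db.executemany("INSERT INTO event VALUES(?,?,?)",
                   [("ci", 10, "tangent"), ("ci", 11, "tangent")])
    return db

def mismatched_checkins(db):
    """Return (uuid, author, delivering login, ipaddr) for each mismatch."""
    return db.execute(AUDIT).fetchall()

if __name__ == "__main__":
    for row in mismatched_checkins(build_sample()):
        print("check-in %s: author=%s delivered by=%s from %s" % row)
```

A mismatch is a lead rather than proof: a login that pushes check-ins it pulled from someone else produces the same rows.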
