On Sun, 17 Jun 2018 04:06:50 +0000
Chad Perrin <c...@apotheon.net> wrote:

> On Sat, Jun 16, 2018 at 05:05:48PM +0200, Eduardo Morras wrote:
> > 
> > I partially disagree. If you allow anonymous people to pull /
> > commit / merge data to your 'central repository', you can get
> > easily spammed. If I pull-request 100 images of 10MB your system
> > will go down. Multiply it by several 'funny guys' on more than one
> > repository and fossil credibility / reputation will be -1. 
> > 
> > People that could pull anything to any repository must be trust
> > people. (Don't know if it's correct phrase)
> 
> I think that's a matter for configuration, just like whether to allow
> people to self-register through the web UI and what initial
> permissions a registered user should have.  It is not, in my
> estimation, a matter of whether or not this is a desirable feature
> *at all*.

I'm not against the feature; I was pointing out security defects that Dr.
Hipp didn't describe in his feature description and that could end up being a
bad implementation. Discovering them afterwards, or by third persons, could
destroy fossil credibility.
 
> This could, in fact, be a very important feature for some team
> workflows where there may be some devs who are allowed to do this,
> and others who are allowed to commit/push directly (and given the
> ability to handle a contributed branch like this, to merge or
> otherwise accept).

Yes, the concept of core developers with a commit bit and developers that
submit patches to a pr or bugtrack system for commit approval is common in
open source projects. I'm a FreeBSD / OpenBSD fan and it's how those
projects work. As fossil has the bug tracking inside, it's logical to
add this feature.


> -- 
> Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ]


---   ---
Eduardo Morras <emorr...@yahoo.es>
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users