On Sun, 17 Jun 2018 04:06:50 +0000 Chad Perrin <c...@apotheon.net> wrote:
> On Sat, Jun 16, 2018 at 05:05:48PM +0200, Eduardo Morras wrote: > > > > I partially disagree. If you allow anonymous people to pull / > > commit / merge data to your 'central repository', you can get > > easily spammed. If I pull-request 100 images of 10MB your system > > will go down. Multiply it by several 'funny guys' on more than one > > repository and fossil credibility / reputation will be -1. > > > > People that could pull anything to any repository must be trust > > people. (Don't know if it's correct phrase) > > I think that's a matter for configuration, just like whether to allow > people to self-register through the web UI and what initial > permissions a registered user should have. It is not, in my > estimation, a matter of whether or not this is a desirable feature > *at all*. I'm not against the feature, I was pointing security defects that Dr. Hipps didn't describe in his feature description and could end being a bad implementation. Discovering them after or by third persons could destroy fossil credibility. > This could, in fact, be a very important feature for some team > workflows where there may be some devs who are allowed to do this, > and others who are allowed to commit/push directly (and given the > ability to handle a contributed branch like this, to merge or > otherwise accept). Yes, the concept of core developers with commit bit and developers that submit patches to pr or bugtrack system for commit aproval is common in opensource projects. I'm a freebsd / openbsd fan and it's how those projects work. As fossil has the bug tracking inside it's logical to add this feature. > -- > Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] --- --- Eduardo Morras <emorr...@yahoo.es> _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users