On Fri, 15 Jun 2018 13:35:13 -0400
Richard Hipp <d...@sqlite.org> wrote:

> An alternative design sketch:
> 
> (1) Anonymous clones repo CoolApp
> 
> (2) Anonymous makes changes to CoolApp and checks those changes into a
> branch named "anon-patch" on her private clone.  Repeat this step as
> necessary to get anon-patch working.
> 
> (3) Anonymous runs the command "fossil pullrequest anon-patch"
> 
> (4) The pullrequest command creates a "bundle" out of the "anon-patch"
> branch and then transmits that bundle back to the server from which
> the clone originated.
> 
> (5) The server accepts the bundle and parks it in a separate holding
> table, but does not merge it or otherwise make it available to average
> passers by.  The server then sends email notifications to developers
> with appropriate privileges to let them know that a pull request has
> arrived.

Please no, this would be a real security nightmare. Anyone could then attack any public fossil 
repo by simple DoS. Do not ever allow anonymous to play with your 
pristine repository! If anon needs to "push" something, then he/she needs to 
make his/her repo public and *you* can investigate his/her patch first.

Thanks,
Karel
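The quoted sketch parks anonymous bundles in a holding table before any privileged developer looks at them, and the objection above is that an unauthenticated client can then fill that table at will. The following is an added illustration, written for this thread and not fossil code, of the admission checks such a holding area would need to bound that exposure: a per-bundle size cap, a cap on pending requests per source, a cap on total parked bytes, and a per-source rate limit. The class name `HoldingArea`, the method names and every limit value are assumptions chosen for the example.

```python
"""Admission control for a holding area of anonymous pull-request bundles.

Constructed illustration for the fossil-users discussion; not fossil code.
The limits model what a server must enforce before parking an untrusted
bundle, so that rejected requests cost almost nothing and accepted ones
consume a bounded, per-source share of disk and queue space.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class HoldingArea:
    max_bundle_bytes: int = 4 * 1024 * 1024        # cap on one bundle
    max_pending_per_source: int = 3                # open requests per client
    max_total_bytes: int = 64 * 1024 * 1024        # cap on the whole table
    max_submits_per_window: int = 5                # submissions per source/window
    window_seconds: int = 3600
    pending: dict = field(default_factory=dict)    # bundle_id -> (source, size)
    _history: dict = field(default_factory=lambda: defaultdict(deque))
    _next_id: int = 1

    def total_bytes(self) -> int:
        return sum(size for _, size in self.pending.values())

    def pending_for(self, source: str) -> int:
        return sum(1 for s, _ in self.pending.values() if s == source)

    def submit(self, source: str, bundle: bytes, now: float):
        """Return (bundle_id, "parked") or (None, reason).

        Checks run cheapest first; the rate limit is charged even when the
        bundle is later refused, so a client cannot probe the limits for free.
        """
        hist = self._history[source]
        while hist and now - hist[0] >= self.window_seconds:
            hist.popleft()                         # forget old submissions
        if len(hist) >= self.max_submits_per_window:
            return None, "rate-limited"
        hist.append(now)
        if len(bundle) > self.max_bundle_bytes:
            return None, "bundle too large"
        if self.pending_for(source) >= self.max_pending_per_source:
            return None, "too many pending requests from this source"
        if self.total_bytes() + len(bundle) > self.max_total_bytes:
            return None, "holding area full"
        bundle_id = self._next_id
        self._next_id += 1
        self.pending[bundle_id] = (source, len(bundle))
        return bundle_id, "parked"

    def review(self, bundle_id: int, accept: bool) -> str:
        """A developer with privileges merges or discards a parked bundle;
        either outcome frees the slot it occupied."""
        self.pending.pop(bundle_id)
        return "merged" if accept else "discarded"


if __name__ == "__main__":
    # Constructed sample: one source exhausts its quota, a second is
    # stopped by the global byte cap.
    area = HoldingArea(max_bundle_bytes=100, max_pending_per_source=2,
                       max_total_bytes=250, max_submits_per_window=4,
                       window_seconds=60)
    for t in range(6):
        print(area.submit("10.0.0.1", b"x" * 50, now=float(t)))
    print(area.submit("10.0.0.2", b"x" * 200, now=10.0))
```

Whatever the limits are set to, the point is that the holding table is never allowed to grow without a privileged reviewer acting on it, and that the only state a rejected submission leaves behind is one timestamp in the rate-limit window.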
_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users