On Fri, 15 Jun 2018 13:35:13 -0400 Richard Hipp <d...@sqlite.org> wrote:
> An alternative design sketch:
>
> (1) Anonymous clones repo CoolApp
>
> (2) Anonymous makes changes to CoolApp and checks those changes into a
> branch named "anon-patch" on her private clone. Repeat this step as
> necessary to get anon-patch working.
>
> (3) Anonymous runs the command "fossil pullrequest anon-patch"
>
> (4) The pullrequest command creates a "bundle" out of the "anon-patch"
> branch and then transmits that bundle back to the server from which
> the clone originated.
>
> (5) The server accepts the bundle and parks it in a separate holding
> table, but does not merge it or otherwise make it available to average
> passers-by. The server then sends email notifications to developers
> with appropriate privileges to let them know that a pull request has
> arrived.

Please no, this would be a real security nightmare. Anyone can attack any fossil public repo then by a simple DoS.

Do not ever allow anonymous to play with your pristine repository! If anon needs to "push" something, then he/she needs to make his/her repo public and *you* can investigate the patch of her/him first.

Thanks,
Karel

_______________________________________________
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
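Added example, not part of the thread and not Fossil code: a toy model of the "holding table" from step (5) of the sketch, showing the kind of per-submitter and total quotas a server would need before parking anonymous bundles, so that the unbounded-upload DoS raised in the reply is capped. The size and count limits, the `HoldingTable` class and the `simulate_burst` scenario are all assumptions constructed for illustration; Fossil has no `pullrequest` command or holding table.

```python
"""Constructed model of a pull-request holding table with resource quotas.
Not Fossil code; every limit below is an assumed value for illustration."""
from dataclasses import dataclass, field
import hashlib

MAX_BUNDLE_BYTES = 1_000_000      # assumed cap on a single bundle
MAX_PENDING_PER_SOURCE = 3        # assumed cap on unreviewed bundles per submitter
MAX_PENDING_TOTAL = 100           # assumed cap on the whole holding table


@dataclass
class HoldingTable:
    # bundle_id -> (source, size in bytes); nothing here is merged or served
    pending: dict = field(default_factory=dict)

    def submit(self, source: str, bundle: bytes) -> str:
        """Park a bundle for later review and return its id.
        Raises ValueError/RuntimeError when a quota would be exceeded."""
        if len(bundle) > MAX_BUNDLE_BYTES:
            raise ValueError("bundle too large")
        bundle_id = hashlib.sha256(bundle).hexdigest()
        if bundle_id in self.pending:
            return bundle_id          # resubmitting an identical bundle costs nothing
        if len(self.pending) >= MAX_PENDING_TOTAL:
            raise RuntimeError("holding table full")
        from_source = sum(1 for s, _ in self.pending.values() if s == source)
        if from_source >= MAX_PENDING_PER_SOURCE:
            raise RuntimeError("too many pending bundles from this source")
        self.pending[bundle_id] = (source, len(bundle))
        return bundle_id

    def bytes_held(self) -> int:
        """Total storage currently consumed by unreviewed bundles."""
        return sum(size for _, size in self.pending.values())

    def review(self, bundle_id: str) -> None:
        """A privileged developer accepts or rejects a bundle; either way it
        leaves the table and frees its quota."""
        del self.pending[bundle_id]


def simulate_burst(table: HoldingTable, source: str, n: int) -> int:
    """Constructed scenario: one source submits n distinct bundles in a row.
    Returns how many were parked before the per-source quota stopped it."""
    accepted = 0
    for i in range(n):
        try:
            table.submit(source, b"anon-patch bundle %d" % i)
            accepted += 1
        except RuntimeError:
            break
    return accepted
```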