On Friday, 12 January 2018 11:21:27 GMT 'awokd' via qubes-devel wrote: > Securing this sounds hard,
My thinking is that using something like git controls setting files executables bits, serverside. So you can't magically get a new executable scripts in your homedir. Next its pretty easy to write a convert app that scans config files for non- ASCII content and maybe something like pointing to non-local paths (HTTP etc). As such I figured this seals off any attack vector as the *only* thing you will let in are plain-text files with non-executable payload. Do you see any other attack vectors? > but could the existing update proxy system be > utilized for this? Possibly, at minimum the qrexec communication channel should be the same and the reason I suggested gitolite is because there is no reason to try and re- invent all the tech that already exists. Specifically; synchronizing n editable copies of a file (where n > 2) is non- trivial and git solved it. Why not use that. :-) -- Tom Zander Blog: https://zander.github.io Vlog: https://vimeo.com/channels/tomscryptochannel -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To post to this group, send email to qubes-devel@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/5121519.MbWqTiX2xb%40mail. For more options, visit https://groups.google.com/d/optout.