Re: [fossil-users] Fossil in a chroot jail. Was: Chiselapp status

As a defense against DoS attacks, Fossil has a feature were it refuses to run certain expense web pages (ex: creating new tarballs) if the system load averages is too high. Fossil uses the getloadavg() interface to compute this. On Linux, getloadavg() requires that /proc be mounted. So, if you

Re: [fossil-users] branch assistance needed

commit on `side-branch`) to branch `mistake` and set to hidden Best, Eduard On 07/03/2018 05:09 PM, Dewey Hylton wrote: I've used fossil for years now with lots of commits to trunk and very few very simple branches which tend to get merged right into trunk after only a few commits. I have

Re: [fossil-users] Perception of Fossil

A lot of people allow wiki append by anonymous on their repos. You may choose not to. Maybe PR should get its own capability so you may restrict to authenticated or particular users (or not). On June 18, 2018 8:39:59 AM EDT, Karel Gardas wrote: >On Mon, 18 Jun 2018 00:01:33 +0300 >John Found

Re: [fossil-users] Using bundles for pull requests

the `bblob` table; it doesn't actually check the blob contents. Best, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Using bundles for pull requests

In general, I think `bundle import` should allow only: - manifests - regular files referenced by in-bundle manifests - control artifacts referencing in-bundle manifests My comments about `bundle import` also apply to any new "pull request"-like feat

[fossil-users] Hydra registrations open (open beta)

Fossil process runs in a chroot, with unique UID/GID. Best, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] "remember this password (Y/n)?" and `isatty()`

to `remote-url`. On 06/08/2018 10:24 AM, Warren Young wrote: On Jun 8, 2018, at 2:47 AM, Eduard wrote: Maybe it would be possible to add a command-line switch to force it to remember the password, or a switch to make it pretend stdin is a tty? It looks like that last is already available

[fossil-users] "remember this password (Y/n)?" and `isatty()`

it pretend stdin is a tty? Best, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Show time...

public registration 'soon'. Now all I need is a catchy name, like `chiselapp` :p [1] https://hydra.ecd.space/f/hydra/info/c34b243efda4fe2775d7c46f1d9b3cd1b2eb7190eb22933e469c7eb08fee5636 Cheers, Eduard ___ fossil-users mailing list fossil-users

Re: [fossil-users] Show time...

dict me on this. > 2. Getting a wildcard cert I also put it off for the longest time. It turned out to be surprisingly easy to do, and in fact less annoying than http validation. Cheers, Eduard On 06/04/2018 10:37 PM, Roy Keene wrote: Other things we do at ChiselApp: 1. Enable Safe int

Re: [fossil-users] Show time...

I was planning on making a more official announcement, but here goes. I'm the developer of Hydra, a single-sign-on and manager for fossil repositories. https://hydra.ecd.space/f/hydra/wiki/hydra I think this is relevant as people may be looking to GitHub alternatives for multiproject

Re: [fossil-users] Is it possible to merge repository's?

On 05/29/2017 11:35 PM, The Tick wrote: > On 5/29/2017 10:30 PM, Andy Bradford wrote: >> Thus said Stephan Beal on Tue, 30 May 2017 02:57:38 +0200: >> >>> However, there is _hypothetically_ a way to completely merge 2 repos >>> into one while keeping all commits, but i'm not at all certain if

Re: [fossil-users] Fossil hosting platforms

setting up a flint/hydra instance with open registration. Best regards, Eduard On April 23, 2017 12:59:31 PM EDT, Damien Sykes-Lindley <dam...@dcpendleton.plus.com> wrote: >Hey there, >I currently know of two Fossil hosting systems, Flint and Hydra. >1. I have seen Flint in action and

Re: [fossil-users] XSS attack and fossil hosting services

On 04/03/2017 02:16 AM, Warren Young wrote: > On Apr 2, 2017, at 9:28 PM, Eduard <eduard.c.dumitre...@gmail.com> wrote: >> >> An attacker can place malicious javascript at the top of every page > > Certainly. > >> they could, for example, change the vict

[fossil-users] XSS attack and fossil hosting services

estion, what damage can a "fossil http -R $repo" command do to surrounding files/other repositories? In particular, using TH1/SQL or using the JSON interface? Best, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http:

[fossil-users] openssl 1.1 compatibility issue in http_ssl.c

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847556#10 Best regards, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] setting hash-policy via web UI

Hello, Are there plans to expose the 'hash-policy' configuration option for modification in the fossil web interface? Best, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo

Re: [fossil-users] tracking changes relatively to root directory on Unix

Hi Peter, > Would anyone suggest possible workaround for Unix with no way to open > repository placed in root of filesystem? If your sysadmin allows FUSE, you can use `bindfs` to bind-mount the relevant directories as you wish inside your home directory (as an unprivileged user). Best,

Re: [fossil-users] Adding binary files to fossil

s them into (quite large) text files, more amenable to merging. Best, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] announcing a new repository manager webapp

, a Hydra instance is up and running at https://hydra.ecd.space/ Best regards, Eduard ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Release 1.35 checksums?

On 07/05/2016 02:56 PM, jungle Boogie wrote: > On 1 July 2016 at 09:39, Warren Young wrote: >> If you’re expecting the checksum to protect you against someone hacking the >> web site and uploading malware, they can modify the checksums on the web >> site at the same time. >

Re: [fossil-users] fossil bundle export of all artifact types ...

Hi Jousef, If you want everything, then fossil clone input.fossil output.fossil You can also have an intermediary that you periodically sync with: fossil sync -R input.fossil intermediary.fossil Use the "--private" option in either case to also sync private branches. Best, Eduard

[fossil-users] diff for undo

and it would allow one to review exactly what changes they just updated past (when in autosync mode). As an alternate (and possibly simpler) solution, one could instead add an "--undo" argument to (g)diff which would do what I just described. Best, Eduard si

Re: [fossil-users] diff before update

Hi Stephan, On 11/21/2015 04:38 AM, Stephan Beal wrote: > On Sat, Nov 21, 2015 at 12:24 AM, Eduard > <eduard.c.dumitre...@gmail.com <mailto:eduard.c.dumitre...@gmail.com>> > wrote: > > The problem lies not with 'update'. The problem is that there's no > way

[fossil-users] diff before update

running "fossil update branch", because that would bring you to the latest commit tagged with "branch". Thanks, Eduard signature.asc Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] diff before update

ng if there's a built-in way of doing it without resorting to shell scripts. Thanks, Eduard signature.asc Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] diff before update

On 11/20/2015 03:10 PM, Stephan Beal wrote: > On Fri, Nov 20, 2015 at 8:55 PM, Eduard <eduard.c.dumitre...@gmail.com > <mailto:eduard.c.dumitre...@gmail.com>> wrote: > > On 11/20/2015 02:42 PM, Stephan Beal wrote: >> >> Is there a way of sp

Re: [fossil-users] diff before update

e of adding an alias for this (@drh)? It's easy to write a shell script that does it, but it seems to me that this is something that should really be within fossil itself (since not every fossil user necessarily knows how to write shell scripts). Best, Eduard signature.asc Description: OpenPGP digital signa

Re: [fossil-users] diff before update

On 11/20/2015 04:56 PM, Stephan Beal wrote: > On Fri, Nov 20, 2015 at 10:52 PM, Eduard > <eduard.c.dumitre...@gmail.com <mailto:eduard.c.dumitre...@gmail.com>> > wrote: > > On 11/20/2015 04:06 PM, Stephan Beal wrote: >> >> >> $ f s

Re: [fossil-users] Fossil repo on a network share?

And even if you don't have a static IP and you're behind a stupid NAT, you can still set up a tor hidden service. On 11/18/2015 12:12 PM, Scott Robison wrote: > > On Nov 18, 2015 1:28 AM, "Stephan Beal" > wrote: > > > > On Wed, Nov 18, 2015

Re: [fossil-users] server returned an error - clone aborted

he current checkout information is named differently in the two cases ("_FOSSIL_" vs ".fslckout"). I may be completely wrong though. Best, Eduard On 11/18/2015 11:59 PM, fossil@9ox.net wrote: > Hi, > > I am stuck getting Windows to work with my repo (88KB).

Re: [fossil-users] Fossil does not generate https link prefix

anyway. I'm not sure whether this is the truly correct way to do it, but it sure solved my problem. Cheers, Eduard On 11/04/2015 11:48 PM, Taras Zakharko wrote: > Dear all, > > I am serving repositories on our internal server via the Fossil GCI > mechanism behind Apache2 with SSL. Th

[fossil-users] meeting tomorrow at 10:00?

Hi, Would meeting Wednesday (tomorrow) at 10:00 be okay with you? Please reply to let me know (unless you've filled in the scheduling poll <http://doodle.com/poll/sqaibsinpk8feiww> or already told me in person). Cheers, Eduard signature.asc Description: OpenPGP digital sig

[fossil-users] handling backports

fails to build. The fix itself is just the replacement of one line that hasn't changed since the bug was introduced. Again, what is the correct way of handling this? Best, Eduard signature.asc Description: OpenPGP digital signature ___ fossil-users

Re: [fossil-users] impersonating users

On 11/03/2015 06:38 AM, Richard Hipp wrote: > On 11/3/15, Eduard <eduard.c.dumitre...@gmail.com> wrote: > > The artifact receipt log (/rcvfromlist) shows *all* artifacts that > have been received. But it does not filter by artifact type or user - > it shows everything. >

Re: [fossil-users] meeting tomorrow at 10:00?

for this list. Sorry, Eduard signature.asc Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] SHA1 and security

Hi Scott, Thank you for your reply! On 10/29/2015 01:40 AM, Scott Robison wrote: > On Wed, Oct 28, 2015 at 6:37 PM, Eduard <eduard.c.dumitre...@gmail.com > <mailto:eduard.c.dumitre...@gmail.com>> wrote: > > If fossil didn't say it used SHA1 to generate artifact IDs, I do

Re: [fossil-users] SHA1 and security

Hi Warren, Thanks for replying! On 10/29/2015 02:46 PM, Warren Young wrote: > On Oct 28, 2015, at 6:37 PM, Eduard <eduard.c.dumitre...@gmail.com> wrote: >> >> I wish to discuss the issues surrounding the use of SHA1 in Fossil > > Have you read the prior discussi

Re: [fossil-users] SHA1 and security

otection the most (since it is easier to hide a malicious needle in a bigger haystack). Best, Eduard signature.asc Description: OpenPGP digital signature ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/

Re: [fossil-users] SHA1 and security

On 10/29/2015 04:26 PM, Christopher M. Fuhrman wrote: > On Wed, 28 Oct 2015 at 5:37pm, Eduard wrote: > > What kind of speed hit would using the BLAKE2b algorithm on 32-bit > machines such as i386, vax, or m68k? Yes, there's the BLAKE2s > algorithm for 8-32 bit architectures bu

Re: [fossil-users] SHA1 and security

Hi Warren, On 10/29/2015 06:50 PM, Warren Young wrote: > On Oct 29, 2015, at 3:40 PM, Eduard <eduard.c.dumitre...@gmail.com> wrote: >> On 10/29/2015 02:46 PM, Warren Young wrote: >>> (...) >> I had read 2/3 of them, yes. Thanks for the third one! > > The

[fossil-users] SHA1 and security

ains a large security margin (the best (academic) attack to date is on a reduced version that does only 2.5 rounds instead of 10, and even then only downgrades the security from 512 to 481 bits). Please let me know your thoughts on this matter. Best regards, Ed