https://bugzilla.wikimedia.org/show_bug.cgi?id=49159
Marc A. Pelletier <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #2 from Marc A. Pelletier <[email protected]> --- That would destroy any semblance of security if the maintainers make a trivial permission error, because it would allow execution of scripts under the tool's UID that were not put in place by one of its maintainers (allowing, for instance, grabbing project credentials). Group ownership is made automatic by the directories beging SGID (otherwise file would be essentially unmanagable by the maintainers), which means that any file placed in a directory _even by someone not in the group_ will be owned by the group -- and executed as the tool. Having to use take is a minor gotcha that is going to be well documented, and having to take an explicit step to make a script executable from the 'net is a good thing (likewise the requirement that the script be made executable). -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
