[Savannah-cvs] [Bzr]

savannah-cvs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Savannah-cvs] [Bzr]

From:	Beuc
Subject:	[Savannah-cvs] [Bzr]
Date:	Thu, 12 Nov 2009 11:00:46 +0000

At Savannah we do not allow local shell access to make it harder for users to
attempt to exploit vulnerabilities before fixes are applied.

Consequently we will not offer both sftp: and bzr+ssh: at the same time, as
the combination of both would allow users to run arbitrary commands on the
server through commit hooks, in effect getting local access.

At a point we may move to bzr+ssh completely, but this requires moving all
the projects at once, and making sure they can create the directory layouts
they need through our web interface. Currently, there is not enough incentive,
or time, to do so. In particular it seems server-side commit hook'ing is
supported, but there are few actual server-side commit hooks.

As for installing the recent 2.0, we'll wait until this is properly support
in Debian stable, or possibly Debian backports.

So it is a bit more complicated than just installing a piece of software on
our servers.

Source: http://savannah.gnu.org/support/?107077

--
forwarded from 
https://savannah.gnu.org/maintenance/address@hidden://savannah.gnu.org/maintenance

[Prev in Thread]

Current Thread

[Next in Thread]

[Savannah-cvs] [Bzr], Beuc <=

Prev by Date: [Savannah-cvs] [ModifyingGroupType] (reparented)
Next by Date: [Savannah-cvs] [SavannahArchitecture] (edit)
Previous by thread: [Savannah-cvs] [ModifyingGroupType] (reparented)
Next by thread: [Savannah-cvs] [SavannahArchitecture] (edit)
Index(es):
- Date
- Thread