[Patch] Updated support for external command handlers
John A Meinel
john at arbash-meinel.com
Tue May 10 01:16:22 BST 2005
Aaron Bentley wrote:
> John A Meinel wrote:
> | I think fai handled it with "if it's in your plugin directory, it's safe
> | to run". Because you *really* should never make ~/bin your plugin
> | directory.
> Ultimately, anyone who can put an executable file in an arbitrary
> location can run a program with the current user's privilages. So I
> don't think this is a new risk. If you don't trust the author, you
> shouldn't run their programs.
As I mentioned in my other email (but this is a better thread), the idea
of having an site-level plugin directory seems appealing, because then
an admin can setup bzr on that machine, to make it easier for other people.
But really, you probably can do this by just having a list of plugin
directories, and no default ones. If you add a directory, you get the
plugins. Standard unix permissions are all that protects you. And you
have to trust the admin anyway.
So I think I'll agree, and just go with "if it's in there, you trust it".
What is the current system for implementing bzr configuration entries?
Is there something already set up, or is that something that needs to be
added? I don't see any ~/.bzr file, and I saw ~/.bazaar offered. (I also
saw that .bzr was liked so that you could have per-tree configs act just
like global configs, but it prevented revctl your global config.) In the
"formats.txt" file, it doesn't have anything about configuration stuff.
And so far I think bzr gets most things from the environment (like
So I would offer ~/.bazaar/ and $tree/.bzr/config/ as the points for
per-tree configuration. Stuff like per-tree email (which *I* would
really like), and plugin directories. Unless someone will allow me to
put something just in $tree/.bzr. I think your bzr-pull/bzr-push scripts
just used the x-* format for non-official extensions.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 251 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20050509/aba4f959/attachment.pgp
More information about the bazaar