[RFC] New web server for bazaar

James Blackwell jblack at merconline.com
Mon Sep 19 10:32:38 BST 2005 

On Mon, Sep 19, 2005 at 06:18:23PM +1000, Robert Collins wrote:
> On Mon, 2005-09-19 at 02:26 -0400, James Blackwell wrote:
> > ...
> 
> > I'm not very conversant with the plugin system yet. For all I know, if a
> > plugin exists in the right place then bzr is going to start up a webserver
> > by default every time the command is run -- even if by root*. If that were
> > a case, then all it would take is a simple honest coding mistake to expose
> > any file on the filesystem (see the old named conf problem for local
> > escalation of filesystem access) or to expose deeper levels of the network
> > (see the ancient apache proxy bug).
> 
> Yes, a plugin could cause a webserver to be automatically started. I
> would consider this distasteful - I wouldn't merge any plugin that did
> that into mainline.

I believe Martin is planning for inclusion in mainline. 
I may have misread Martin's post, but I believe he's planning it for
mainline. 

> I think anything that starts running a service(*) should require a clear
> statement requesting that from the user. (I.e. bzr webserver). :0

Yeah, this would work fine.

> (*) except for extremely short localhost only services, i.e. the
> webserver during our test suite.

Agreed, though I think that sort of thing should be clearly indicated in
technical documentation (there's a race there for 

My concern during the writing was that the plugin would be installed by
default and by simple oversight would get run automatically whenever bzr
started up. Its a silly mistake, but its happened to other things (ahhh, 
the great blessing and curse of object orientation). I also
have a hazy vision along the lines below: 

1. Webserver
2. Smart Server
3. Remove redundant code and rely on smart server
4. Why bother starting a smart server every time? Just fork one on start
   with the first run. Then things will be really efficient, especially
   with that new patchpool. Imagine all the locking problems we'll save
5. Hey! This fixes bzr push too!

And now you've got a silent webserver that silently starts that never
quite seems to die.*  **



* Yeah. Sounds far fetched, but this sort of thing happens in gnome and
kde.  Want to run something that relies on a daemon, the system silently
starts the daemon. The daemon, having been added as a service, gets
restarted after reboots, even though its not necessary.  The cost vs
benefits vs risk analysis could be enough to launch a career in research.
Regardless, the problem/solution is relagated to desktops. 

** This sounds like a slippery slope fallacy. Its not, though, because we
can stop at any step along the way, provided the steps are thought out and
well known.




-- 
 James Blackwell      |   Try out the blog planet for revision control
 Tell someone a joke! |   at http://planet.revisioncontrol.net
----------------------------------------------------------------------
GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D  247A 8A55 DA73 0635 7400

More information about the bazaar mailing list