Forbid uncommits over the network
Lasse Kliemann
lasse-list-bazaar-2009 at mail.plastictree.net
Fri May 8 16:56:55 BST 2009
* Message by -Aaron Bentley- from Fri 2009-05-08:
> Lasse Kliemann wrote:
> > Is there any official statement available that
> > 'append_revisions_only' in fact closes all possible loopholes
> > through which existing revisions might be tempered with (provided
> > there is only network access via 'bzr serve' to the repository)?
>
> No. See John's email.
I tried the example with '--overwrite', but I only get:
Operation denied because it would change the main history,
which is not permitted by the append_revisions_only setting on
branch...
> At this point, it's not feasible to disable the
> nosmart / vfs mode, and that would be required to prevent tampering.
Can you give an example command and configuration for this?
Adding 'nosmart' to the URL did not change anything here. BTW, I
am using SSH (via bzr+ssh or nosmart+bzr+ssh) and the server has
command="bzr serve --allow-writes --inet --directory=/foo/bar" ...
in '.ssh/authorized_keys'.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20090508/becf188b/attachment-0001.pgp
More information about the bazaar
mailing list