Forbid uncommits over the network (redux)

[Martin Pool]

On 22 March 2010 07:30, Lasse Kliemann
<lasse-list-bazaar-2009 at mail.plastictree.net> wrote:
>> 'set_last_revision_info' validates append_revisions_only on the server
>> side. However 'bzr+ssh://' currently has what we call "VFS" operations
>> (Virtual FileSystem), which means you can effectively 'write' to any
>> file that are underneath .bzr/ that you have OS level write access to.
>>
>> We have an environment variable BZR_NO_SMART_VFS that can be set to
>> disable all VFS access. However ATM there are still a fairly large
>> number of simple 'read' accesses that are done via VFS. I'm not sure how
>> many write operations remain, though I'm sure that number is dwindling.
>
> Greetings everyone,
>
> it's been almost a year since this discussion. I was pleased to
> notice that Bazaar development reached version 2.1.0, whereas we
> were talking about the 1.x.x series back then.
>
> Have these things changed?
>
> Is it now possible to have a shared repository in which existing
> revisions become immutable once they are committed (provided the
> server is set up properly)?

It would still be possible for a sufficiently determined client to
bypass this restriction.

-- 
Martin <http://launchpad.net/~mbp/>