commit emails from a central server with bzr 2.6

Glenn Morris rgm at
Thu Jun 6 05:48:52 UTC 2013

I got it working. There was a hard-coded --no-plugins being passed to
bzr in the script that acts as the login shell for Savannah users.

You may remember being prescient about this:


Could you reassure me that removing --no-plugins is fine from a security
point of view? I don't really understand why Sylvain Beucler was so keen
on it back in 2010 [1]. I understand that users should not be able to
install arbitrary plugins. AFAIK, there is no way a Savannah user can do
this. They have no access to their home directories. In any case, the
login shell runs bzr with $ENV{'HOME'} = '/var/lib/bzr', and users
certainly do not have write access to that.

To be doubly sure, I'll add
$ENV{'BZR_PLUGIN_PATH'} = '-user:+core:-site'

to the environment that the login shell sets up.

[1] Probably relevant: in March 2010, sftp access was still available,
but it was disabled later that year:

More information about the bazaar mailing list