commit emails from a central server with bzr 2.6

Robert Collins robertc at robertcollins.net
Fri Jun 7 03:28:40 UTC 2013


On 6 June 2013 17:48, Glenn Morris <rgm at gnu.org> wrote:
>
> I got it working. There was a hard-coded --no-plugins being passed to
> bzr in the script that acts as the login shell for Savannah users.
>
> You may remember being prescient about this:
>
> http://lists.gnu.org/archive/html/savannah-hackers-public/2010-03/msg00050.html
>
> :)

Doh, I do now :).

>
> Could you reassure me that removing --no-plugins is fine from a security
> point of view? I don't really understand why Sylvain Beucler was so keen
> on it back in 2010 [1]. I understand that users should not be able to
> install arbitrary plugins. AFAIK, there is no way a Savannah user can do
> this. They have no access to their home directories. In any case, the
> login shell runs bzr with $ENV{'HOME'} = '/var/lib/bzr', and users
> certainly do not have write access to that.

I think its fine. LP runs bzr with plugins enabled [a select set, to
be sure]. Allowing users to install their own plugins would be a bad
idea, but you've already got that covered :).

-Rob

-- 
Robert Collins <rbtcollins at hp.com>
Distinguished Technologist
HP Cloud Services



More information about the bazaar mailing list