[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Monotone-devel] The new definition of get_netsync_write_permitted
|
From: |
Richard Levitte - VMS Whacker |
|
Subject: |
[Monotone-devel] The new definition of get_netsync_write_permitted |
|
Date: |
Wed, 06 Jul 2005 21:55:38 +0200 (CEST) |
I've a problem with the new definition of get_netsync_write_permitted
(where it only takes an identity string).
I've a server where I serve a number of projects, among others a
mirror of the monotone database. With the new definition, anyone I
allow write access to my server thinking I'm granting him/her write
access to one specific project, automagically has write access to
*all* the projects I serve (including, for instance, monotone) and can
therefore generate rogue commits.
Oh sure, I can have a private rc with a get_revision_cert_trust that
makes sure I don't see those rogue commits, but what about anyone else
who pulls from my server? Is there any way to prevent rogue commits
from spreading?
And sure, I can do the security by obscurity bit by granting selective
read access to each branch only to those supposed to work with them,
but what do I do if I want to have anonymous readers? It's perfectly
possible, as far as I know, to pull anonymously while pushing with a
key that has write access...
I'm not at all comfortable with the way this seems to go. What,
exactly, was the criteria to make get_netsync_write_permitted so lax?
Or if there's something I misunderstood, I'll happily let myself get
enlightened by whoever is willing to help.
Cheers,
Richard
-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte address@hidden
http://richard.levitte.org/
"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
-- C.S. Lewis
- [Monotone-devel] The new definition of get_netsync_write_permitted,
Richard Levitte - VMS Whacker <=