Re: Switching from CVS to something else
On Tue, Aug 21, 2007 at 01:44:28PM -0400, Joey Hess wrote:
> Martin Schulze wrote:
> > I have some problems with this approach since being able to commit
> > to webwml means being able to execute arbitrary code on www-master
> > which is currently the same as security-master. Thus, having only
> > limited write access and a controlled way to expand this, is actually
> > a feature, imho.
>
> A very good point. Especially since translators can also in theory run
> arbitrary code on www-master right now, which doesn't seem desirable,
> especially for the ones who are not DDs.
>
> Is there any reason why the build has to happen on www-master?
> For the installation manual and release notes, my understanding is that the
> building happens elsewhere (such as on alioth) and the content is then
> synced over to www-master.
Yes, as I posted minutes ago.
installation manual: on alioth by d-i folks, I think.
release notes: on gluck for DDP linked pages.
> A side benefit of doing that, besides security, is that committers who
> cannot access www-master can still debug website build issues and even
> launch a new build if necessary.
Yes, some mirrored package status pages will be nice.
Osamu
Reply to: