[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: UDD bugs stale?

On 19/03/12 at 11:20 -0700, Don Armstrong wrote:
> On Sun, 18 Mar 2012, Lucas Nussbaum wrote:
> > Ah, bugs imports have been failing for a few days, with this error
> > message:
> > 
> > Environmental variable DEBBUGS_CONFIG_FILE set, and /org/bugs.debian.org/etc/config is not owned by the user
> > running this script. at /org/udd.debian.org/mirrors/bugs.debian.org/perl/Debbugs/Config.pm line 111.
> > debian-debbugs@, what's the reason for the change that introduced that check?
> Primarily because you could run code as the user running the script by
> setting that variable, and I wanted people to know that's what they
> were doing.
> > It's not trivial to work around that in UDD because:
> > - DSA does the mirroring for us, so files are owned by 'debbugs-mirror', not 'udd'
> > - we use the perl modules from the mirror (we don't have our own copy)
> > 
> > How do you recommend we fix this?
> One way would just be to cp /org/bugs/debian.org/etc/config foo; DEBBUGS_CONFIG_FILE="foo";  blah blah blah;
> another would be to convince me that what I did out of an abundance of
> caution wasn't particularly useful (which could be true.)

I kind-of fail to see the point. If I run a script as user 'lucas', I of
course expect it to be run as user 'lucas', and I need to trust the code
to some level. How is that different with debbugs ?


Reply to: