Re: Bug#338503: ITP: cvssuck -- inefficient cvs repository grabber using cvs command
On Wed, Nov 16, 2005 at 02:17:08PM +0000, Tim Cutts wrote:
> I wouldn't call it a "mirror" though; how does it manage to fetch the
> complete repository including history? It doesn't do something evil
> like fetch the cvs log, and then fetch every single revision for
> every file, does it?
Looking at the source, I think that is exactly what it does, although
I've only had a cursory glance.
I did notice also that it's vulnerable to a symlink attach, suggest
shelling out to mktemp at line #127 in your debian diff.gz.