
Re: git dangerous operations on alioth



Stefano Zacchiroli <zack <at> debian.org> writes:

> Related to this, there is also the risk that a user will ssh on alioth
> and rm the repository (accidentally or not). Do we have any kind of
> protection against that? (e.g. backups we can access without
> bothering the alioth admins, or a way to give git access but not ssh
> access, or...)

anonssh can help lower the chance of that:

(this link is wrapped; GMane would not allow me to post otherwise,
just remove the newline after the question mark)

https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?
p=evolvis-platfrm/anonssh.git

It does allow sftp though… both by design.

(This version does SFTP, git and svn; the one in MirBSD does cvs and rsync;
extending it is pretty easy.)

SFTP and rsync can, arguably, remove a repository. With malintent.
But then, it’s a #ifdef…

Maybe permit rsync only for some anonymous user, so only receiving but
not writing is enabled… you can easily install varying anonssh flavours
(and put them into the allowed shells table in the gforge database).
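The per-flavour restriction discussed in this message, sketched as an added example; it is not part of the original post and is not anonssh's code. The flavour names, the `/srv/git` root and the sample commands are assumptions, and symlinks inside the root are not resolved here.

```python
import shlex
from pathlib import PurePosixPath

REPO_ROOT = PurePosixPath("/srv/git")  # assumed repository root, not from the post

# Hypothetical flavours: the services each restricted login shell permits.
FLAVOURS = {
    "developer": {"git-upload-pack", "git-receive-pack"},
    "anonymous": {"git-upload-pack", "rsync-read"},
}

def inside_root(path):
    """True only for an absolute path below REPO_ROOT with no '..' part."""
    p = PurePosixPath(path)
    return ".." not in p.parts and REPO_ROOT in p.parents

def classify(command):
    """Turn the string sshd hands to the shell via -c into (service, path)."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return None
    if len(argv) == 2 and argv[0] in ("git-upload-pack", "git-receive-pack"):
        return argv[0], argv[1]
    # Server side of rsync: "rsync --server [--sender] <opts> . <path>".
    # --sender means the server only sends, unless a --remove-* option
    # asks it to delete what it has sent.
    if len(argv) >= 4 and argv[:2] == ["rsync", "--server"] and argv[-2] == ".":
        removes = any(a.startswith("--remove-") for a in argv)
        read_only = argv[2] == "--sender" and not removes
        return ("rsync-read" if read_only else "rsync-write"), argv[-1]
    return None  # interactive login, sftp, rm, anything else

def decide(flavour, command):
    """Allow only a listed service on a repository under REPO_ROOT."""
    parsed = classify(command or "")
    if parsed is None:
        return False
    service, path = parsed
    return service in FLAVOURS.get(flavour, set()) and inside_root(path)

if __name__ == "__main__":
    # Constructed sample requests, not captured from alioth.
    for flavour, cmd in [
        ("developer", "git-receive-pack '/srv/git/a.git'"),
        ("anonymous", "rsync --server --sender -logDtpre.iLsfxC . /srv/git/a.git/"),
        ("anonymous", "rsync --server -logDtpre.iLsfxC --delete . /srv/git/a.git/"),
        ("developer", "rm -rf /srv/git/a.git"),
    ]:
        print("ALLOW" if decide(flavour, cmd) else "DENY ", flavour, cmd)
```

A real restricted shell would exec the parsed argument vector directly rather than hand the string to `/bin/sh`, so nothing in the request is interpreted as shell syntax.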

