[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Alternative plan for DDP

On Wed, Feb 04, 2004 at 11:04:34AM +0100, Francesco P. Lovergine wrote:
> On Tue, Feb 03, 2004 at 10:46:21PM +0100, Osamu Aoki wrote:
> > joy's (I think) cron script to check out CVS 
> >  Step 1: checkout from alioth.debian.org (source1)
> >  Step 2: export from cvs.debian.org      (source2)
> >  Step 3: copy source2 over source1 with cp -af
> >  Build like he does now using Makefile in parent directory.
> > 
> 
> Important hint: every script/makefile must use '-f Makefile' explicitly in 
> make invocation to avoid the default name overriding by malicious
> use of GNUmakefile. That's mandatory IMHO. Setting of MAKEFILES could
> also be considered to avoid this kind of potential abuse.

Very good reminder.  Thanks.

> The point is not considering alioth cvs more trustable than needed.
> That's also my concern about having scripts cvs mantained on alioth,
> of course.

If you read scripts used to make nice PDF for Chinese, Polish, ... in
Debian Reference, you see that this was done by non-DD.  I can judge
this will not do nasty thing but building these script was beyond my
ability and I relyed on Jens (a non-DD) to do this.  The only way to
effectively communicate with him was through CVS.  So I insist to have
all contents in Alioth.  Otherwise building these in many language is
impossible.  debiandocsgml2* script is not perfect yet.

If you took time to check the test CVS at alioth, you can see that I
tried to rationalize directory name.  I think doing this now will be
easiest time.

Anyway, my notification to the list was not early enough to give all to
review my intent.  Let me go slower now.

Osamu
Reply to: