[fdo] Re: On translation regressions due to freedesktop.org
dependencies
Daniel Stone
daniel at freedesktop.org
Mon Jul 26 21:34:40 PDT 2004
On Mon, Jul 26, 2004 at 09:21:47PM -0700, Bryce Harrington wrote:
> On Tue, 27 Jul 2004, Daniel Stone wrote:
> > I'm just saying that I feel a twang every time I add someone to fd.o (in
> > particular, the X projects, since they are so widely-deployed), and that
> > if we were to wholesale import 88 or 120 committers ... wow. That's a
> > big change, and 120 *more* potential attack vectors (even more than we
> > already have). If there is any way to lessen the pain by a logical
> > separation: coders can commit to the code components, translators can
> > commit to the translation components, that would absolutely make my day.
>
> Heya Daniel,
>
> Would this CVS access script be of any use in mitigating the issue?
>
> http://sourceforge.net/docman/display_doc.php?docid=772&group_id=1#scriptcvsacls
Not really, sadly; we don't run authenticated pserver for very good
reason, and all developers have shell access, so they could completely
bypass it, which doesn't solve the problem of one of 120 compromised
accounts leading to a hole in the X code (or D-BUS, or whatever).
At this stage, I'm thinking an overlay module would be the best
solution. Can any of the translators (or developers, or anyone) comment
on whether I'm just really stupid or if this is actually a good idea?
:) d
--
Daniel Stone <daniel at freedesktop.org>
freedesktop.org: powering your desktop http://www.freedesktop.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://freedesktop.org/pipermail/freedesktop/attachments/20040727/39e301ed/attachment.pgp
More information about the freedesktop
mailing list