On 07.09.2007, at 11:01, Joachim Breitner wrote:
Hi,
Am Freitag, den 07.09.2007, 10:59 +0200 schrieb Florian Weimer:
* Joachim Breitner:
I think mounting the file system no-exec covers that. IIRC,
Subversion directly executes the hook scripts, and this will
fail in
that case.
Then this should be mentioned in the file. I also think that this is
quite a high hurdle: Admins that want that can surely re-compile
scponly.
It's mentioned in the file (item 7), but I agree that this is not the
target group of the Debian package.
Sorry, didn’t read it all.
For the rest, the debian package should come without svn
support. The README.Debian could describe the disabled features, and
under what circumstances they are save, and how best to recompile
scponly.
The package could create two binaries, one that supports just
scp/sftp, and another one for the rest.
Sounds good, but that’s up to the maintainer. Thomas, are you reading
this?
I am, I'm doing an overhaul of the package soon.
Tom
For the stable security update, it's probably best to just disable
Subversion/Unison/rsync.
I agree.
Greetings,
Joachim
--
Joachim "nomeata" Breitner
Debian Developer
[EMAIL PROTECTED] | ICQ# 74513189 | GPG-Keyid: 4743206C
JID: [EMAIL PROTECTED] | http://people.debian.org/~nomeata
