On Wed, Nov 16, 2005 at 02:17:08PM +0000, Tim Cutts wrote: > I wouldn't call it a "mirror" though; how does it manage to fetch the > complete repository including history? It doesn't do something evil > like fetch the cvs log, and then fetch every single revision for > every file, does it?
Looking at the source, I think that is exactly what it does, although I've only had a cursory glance. I did notice also that it's vulnerable to a symlink attach, suggest shelling out to mktemp at line #127 in your debian diff.gz. -- Jon Dowland http://jon.dowland.name/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
