savannah-hackers-public
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] bzr commit notifications


From: Glenn Morris
Subject: Re: [Savannah-hackers-public] bzr commit notifications
Date: Thu, 6 Jun 2013 01:59:59 -0400

I got it working.

There was a hard-coded --no-plugins being passed to bzr in
/usr/local/bin/sv_membersh .

Does anyone see any issue with removing that? I don't see one myself.

The original motivation is contained in the thread
http://lists.gnu.org/archive/html/savannah-hackers-public/2010-03/msg00026.html

Things have changed since then.
sftp access is no longer allowed since later that year.
http://lists.gnu.org/archive/html/savannah-hackers-public/2010-10/msg00015.html

IIUC, the concern was that users might somehow be able to install
plugins and thus do arbitrary things. I really don't see how they
could. As a normal Savannah user, I have no access to ~gm/.bazaar/, do I?

In any case, /usr/local/bin/sv_membersh runs bzr with HOME == /var/lib/bzr.
Also, I added a setting BZR_PLUGIN_PATH = '-user:+core:-site'.
This option did not exist back in 2010.
It disables all plugins except core ones that come with bzr.
Ref:
http://doc.bazaar.canonical.com/bzr.2.5/en/user-reference/configuration-help.html

So I think it is ok?


Of course, it still could break somehow after a week or so of use,
like bzr-hookless-email did...

If it seems ok, I will switch Emacs to use this rather than the
bzr-hookless-email cron job. As bonuses: commit notifications are
immediate rather than hourly, and users can turn notifications on and
off for their own branches rather than having to ask Savannah admins to
do it.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]