Hrm. It *is* pretty bad when you can't even perform an act of goodwill
That this is would be a contrib/ script implies that it is not community
maintained, so I don't see any problem with letting you contribute the
thing. All the software in our repository -- from Subversion itself to its
tests to the tools and contributions -- are "Use at your own risk". Some of
that risk might be mitigated by virtue of having extra eyeballs on pieces of
the code, but it's still a risk to anybody who doesn't have full knowledge
and understanding of the entirety of our codebase. (Which is pretty much
everyone in the world, myself included.)
glasser: Would you feel better about it if the script failed with:
ERROR: Only one person is known to have reviewed this script for
security consciousness. If you're down with that, please comment out
this error message.
Jonathan Kamens wrote:
> Several months ago, I submitted to this list a CGI script to allow users
> to change their own passwords in svnserve passwd files, and suggested
> that the script be distributed in the Subversion contrib. area. Several
> developers reviewed my code and provided extremely useful feedback,
> which I incorporated.
> David Glasser subsequently offered to sponsor me for partial commit
> access so I could add the script to the contrib. area, but he said that
> he preferred for someone else to do a security audit before doing so.
> He sent email to the list twice about this, the most recent time being
> on April 9, asking for a volunteer to do the security audit, but I’ve
> seen no responses.
> I’ve written the code. I want to give it away. It just needs somebody
> to review it. Please, somebody help me out here. :-)
> See attached for the current version of the script.
> *Jonathan Kamens*
> *Operations Manager / Principal Engineer***
> *Tamale Software*
> 201 South Street, Floor 3
> Boston, MA 02211
> (617) 261-0264 ext. 133
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2008-06-05 22:02:52 CEST