
Re: bugtraq properties in the command line client?

From: Ben Reser <ben_at_reser.org>
Date: 2005-01-13 19:31:56 CET

On Thu, Jan 13, 2005 at 06:10:06PM -0000, Max Bowsher wrote:
> To some extent that makes sense - a "client side hook", called to generate
> template log messages.
>
> On the other hand, such things could not be configurable by the repository,
> since that would provide the opportunity for the server to run arbitrary
> code on the client at commit time, which would be a major security hole.

There's no reason it has to be configured by the repository. If you
want different repos to have different templates, just make sure the
hook script gets the URL to the repo. Then it can behave differently
for different repos.

Repos can then put their hook scripts into the repo. People wanting to
use them can copy them onto their local config. If they have more than
one they can write a simple wrapper that checks the URL and then calls
the right hook-script.

> Perhaps instead what we need is a generic "log-template" configuration
> thing, determined by the repository, which would be a text string, which
> has certain substitutions performed on it by the client.

That's exactly the type of design I want to avoid. The hook script is
significantly more flexible than anything you can come up with for that.

I don't see the need for an overly complicated design when simply
providing the script a little bit more info can let it handle the issue.

Sure, the user has to do more work, but this is a tradeoff between
convenience and security.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
Received on Thu Jan 13 19:33:53 2005
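
The wrapper described in the mail above, sketched as an added example (not part of the original mail and not Subversion code). It assumes a hypothetical client-side hook that the client invokes with the repository URL as its first argument; the URL map, script names and HOOK_DIR path are constructed for illustration.

```shell
#!/bin/sh
# Dispatch wrapper for a hypothetical client-side log-template hook.
# Assumption: the client calls this wrapper with the repository URL as $1.
# The URL-to-script map lives only in the user's local config; nothing the
# server sends chooses which code runs.

# Constructed sample map: "<URL prefix> <script file name>", one per line.
HOOK_MAP='https://svn.example.org/repos/alpha alpha-template
https://svn.example.org/repos/alpha/branches/rel alpha-release-template
https://svn.example.net/repos/beta beta-template'

HOOK_DIR="${HOOK_DIR:-$HOME/.subversion/client-hooks}"  # hypothetical location

# Print the script name for the longest prefix matching on a path boundary,
# so ".../alphabet" or "svn.example.org.other.test" never matches ".../alpha".
select_hook() {
    url=$1 best= best_len=0
    while read -r prefix script; do
        [ -n "$prefix" ] || continue
        case "$url" in
            "$prefix"|"$prefix"/*)
                if [ "${#prefix}" -gt "$best_len" ]; then
                    best=$script best_len=${#prefix}
                fi ;;
        esac
    done <<EOF
$HOOK_MAP
EOF
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Run the chosen script from HOOK_DIR only; the URL is passed as data.
run_hook() {
    name=$(select_hook "$1") || return 0      # unknown repo: no template
    case "$name" in */*|.*) return 1 ;; esac   # must be a plain file name
    script="$HOOK_DIR/$name"
    [ -f "$script" ] && [ -x "$script" ] || return 1
    "$script" "$1"
}

if [ "$#" -gt 0 ]; then run_hook "$1"; fi
```

Scripts copied out of a repository go into HOOK_DIR by hand after review, which is the extra user work the mail accepts in exchange for the server never selecting code to run.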

This is an archived mail posted to the Subversion Dev mailing list.
