On 23.04.2010 11:45, Bert Huijben wrote:
>> -----Original Message-----
>> From: Greg Stein [mailto:gstein_at_gmail.com]
>> Sent: vrijdag 23 april 2010 0:57
>> To: Hyrum K. Wright
>> Cc: Subversion Development
>> Subject: Re: Feature idea: user-configurable post-commit notifications
>>
>> Write a hook script to do exactly that, and make it part of the
>> standard release.
>>
>> In some future release, after that script and its features stabilize,
>> *then* we can consider placing into into the core code.
>>
>> I fear the security aspects of something like you talk about: anybody
>> with commit access getting the server to issue a POST request to any
>> arbitrary URL *reachable* by the server? Oh ho ho... I can't even
>> begin to describe how many alarms that would trip with security
>> conscious administrators.
>>
> +1 on all of this.
>
*Shudder*. I'm not all that rabidly security-conscious but the very idea
raises the hair on the soles of my feet. Which is quite something
considering that I don't have any there.
Interestingly enough you do not even have to write a hook script that
does that. As long as your repository has any kind of subscribable
commit notification, e.g., uses mailer.py, you can trigger secondary
client-side notifications off of that.
-- Brane
Received on 2010-04-23 12:49:17 CEST