On Fri, Aug 6, 2010 at 1:13 PM, Greg Hudson <ghudson_at_mit.edu> wrote:
> On Fri, 2010-08-06 at 13:50 -0400, Hyrum K. Wright wrote:
>> I'm doing some more thinking about repository-dictated configuration,
>
> I get nervous when I see people talk about repository-dictated
> configuration as an extension of the general configuration framework.
>
> There are a lot of things a repository should not be able to configure
> for trust reasons--in particular, what commands the client runs. When
> you check out material from a repository, you are not handing over the
> keys to your machine or account, just retrieving content. In fact, I
> think there are only a few specific configuration variables which a
> repository should be able to influence, such as mime-type recognition.
Agree with the general point, but it raises another point: which
values are acceptable for overriding? Are they hardcoded or
configurable (if configurable, that kinda defeats the point, since
they'd have to be configured locally)? White list? Black list?
Would a hard-coded list be something that depends on application
(corporate vs. open source vs. some other deployment)?
-Hyrum
Received on 2010-08-06 20:19:35 CEST