Complete.Org: Mailing Lists: Archives: freeciv-dev: February 2001:
[Freeciv-Dev] Re: patch handling (was: [Update] Attribute handling) 		Home

[Freeciv-Dev] Re: patch handling (was: [Update] Attribute handling)

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: Erik Sigra <sigra@xxxxxxx>
Cc: freeciv-dev@xxxxxxxxxxx
Subject: [Freeciv-Dev] Re: patch handling (was: [Update] Attribute handling)
From: Raimar Falke <hawk@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 16 Feb 2001 22:21:24 +0100
Reply-to: rf13@xxxxxxxxxxxxxxxxxxxxxxxx 
On Fri, Feb 16, 2001 at 10:04:54PM +0100, Erik Sigra wrote:
> fredagen den 16 februari 2001 21:00 skrev Mike Jing:
> > Reinier Post <rp@xxxxxxxxxx> wrote:
> > >On Thu, Feb 15, 2001 at 07:33:09PM +0100, Raimar Falke wrote:
> > >>>Just an idea: give a CVS access for Raimar. And other most active
> > >>>developers also, like for example Marko Lindqvist and Mike Jing.
> > >>>If our current administrators are really so busy, so this would
> > >>>probably alleviate our problem a bit (?).
> > >
> > >I second this motion.
> > >
> > >>Reinier said he will take a look at the attribute handling.
> > >
> > >But I don't have CVS write access to the code, and I don't want it,
> > > either!
> >
> > Me either.  I don't trust myself enough to accept that responsibility. 
> > >:->
> >
> > On the other hand, I do wish some of the smaller fixes could be committed
> > more quickly.
> 
> I don't want the host/maintainers to hand out write access to the left and 
> right either. It's a security issue. If more people have accounts and 
> passwords, there are more accounts availible to hijack for evil crackers. 
> Then they could checkin trojan horses, which people then update, compile and 
> run. Especially since I have heard that people use cronjobs to update Freeciv 
> CVS.

Ack.

> Limiting write access to parts of the project is good. If I understand 
> correctly, translators have access to the doc and po directories. But it 
> would be even better to limit to files. There is no reason for the pt_BR 
> translator to have access to for example ja.po. But maybe there is some 
> limitation in CVS?

I think you are here a bit too paranoid:
 - the po files doesn't contain code
 - to make an effect the change have to be committed. All commitments
   are mailed to freeciv-cvs. (yes this can be subverted as well)
   freeciv-cvs should have enough eyeballs to catch any
   irregularities.

> However, a growing project needs to expand. So I think it would be nice to 
> add 1 or 2 new committers. They should be people with good understanding of 
> the overall structure of Freeciv, know how the parts affect each other so 
> they don't break anything, be skilled C programmers and have a high level of 
> understanding of Linux (or the system they use) security administration (see 
> above).

Ack.

        Raimar

-- 
 email: rf13@xxxxxxxxxxxxxxxxx
 "It is not yet possible to change operating system by writing
  to /proc/sys/kernel/ostype."              sysctl(2) man page
[Prev in Thread] Current Thread [Next in Thread]