|
From: | Vincent Caron |
Subject: | [Savannah-hackers] Re: Plan for today |
Date: | Thu, 18 Dec 2003 18:28:41 +0100 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 |
Mathieu Roy wrote:
In theory, a malicious hacker could change the RCS file in place without you noticing on cvs updates. Although that's very tricky and there are plenty of other places with easier and more insteresting backdoors to install.How so? Each time I make a cvs update, the RCS file on the server is compared with my file. And if I do not have the exact same file, I'llget a U, or even a C if edited the file.
I think I've been too suspicious on this item, forget it.
Apart from that I do not clearly understand your proposal. No change that have been made to the server should impact the frontend part (how so?)
That's true, we should have the frontend easily and quickly working.
For the backend, I guess that the change you'll have to made will not be polished and portable enough to be commited in the savannah CVS in a near future. So you can create a CVS for hacked backend, unlinked to the savannah project itself, if you feel it necessary.
That's what I meant, there's an emergency for subversions, and I think you would prefer to defer discussions and maybe implementation issues about this chroot thing on the official Savannah tree later.
[Prev in Thread] | Current Thread | [Next in Thread] |