Hi!
intrigeri:
> u:
>> intrigeri:
>>> u:
>>>> ln -s ../../wiki/src/contribute/l10n_tricks/pre-commit .
>>>
>>> This caught my eye before I could test this.
>>>
>>> I'd rather not ask all Tails contributors to run code, on every
>>> commit, that lives in a section of our website that's publicly
>>> writable. Please consider moving this script to bin/ :)
>
>> With a notion of 'public' that allows only some people to write here, right?
> - I believe that the only thing that prevent ikiwiki.cgi from
> allowing anyone with an Internet connection to edit arbitrary files
> under wiki/src/ is our lockedit plugin configuration.
> There's already been security issues in this part of the ikiwiki
> code so I'd rather not rely on it when we can cheaply avoid it.
Oops. I was not aware of that.
> So yeah, in theory, assuming no software bugs, it's safe to put such
> code under wiki/src/; but it increases attack surface a fair bit, with
> no substantial benefit I can think of, so let's err on the safe side,
> as you did already, thanks!
If there's a place for such scripts, let's put them there :)
> Now, this hook runs wiki/src/contribute/l10n_tricks/check_po.sh so the
> problem I'm describing above is still there. This could not fixed in
> pre-commit hook by calling submodules/jenkins-tools/slaves/check_po
> directly instead of going through the symlink.
Agreed. I'll modify this, this will be transparent for the testers.
Cheers!
u.
