Hi Salvatore,

On Thu, Dec 28, 2017 at 10:08:42PM +0100, Salvatore Bonaccorso wrote:
[..snip..]
> Thank you. There is one further change needed I think, and one
> question/concern.
>
> The Makefile must be as well not in the security-tracker.git, but
> linked from there. But now this is still not safe to have
> security-tracker-bin git as submodule, because one can just replace
> the symlinks we created.

Maybe I don't understand yet what you want to achieve: I thought you wanted to be able to make changes to the scripts and the data files independently so that changes to the scripts wouldn't go live on soriano after a commit accidentally. So we get to decide when a new tracker version goes live independent of any changes to data/.

That's possible with the split. It doesn't protect you from somebody maliciously trying to modify tracker code via the secure-testing repository. For this we'd have to decouple the repos completely with security-tracker-bin not even being a submodule (since otherwise somebody with commit access to the security-tracker can always forward the submodule ref).

> So in the long run we would be better off to decouple the data part and
> code part definitively, but I wonder if for now the safest road would
> be to go back one step, do the svn to git migration in one repository
> and for the automatic updates triggers, operate in a separate
> workdir.

That's certainly possible (although a bit confusing to have two separate checkouts at different revisions).

Cheers
 -- Guido
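An added example, not part of the message above and not security-tracker code: a pre-deploy check over `git diff-tree -r --raw` output that flags the two changes discussed in the thread, a moved submodule ref (gitlink, mode 160000) and a changed symlink (mode 120000). The sample diff lines, the object ids and the path `data/example-list` are constructed; the function name is hypothetical.

```python
"""Flag changes that redirect which code runs, from raw git diff output."""
import re

GITLINK = "160000"  # tree entry mode of a submodule pointer
SYMLINK = "120000"  # tree entry mode of a symbolic link

# Raw line: ":<old mode> <new mode> <old id> <new id> <status>[score]\t<path>"
RAW_LINE = re.compile(r"^:(\d{6}) (\d{6}) \S+ \S+ [A-Z]\d*\t(.+)$")


def risky_changes(raw_diff):
    """Return (path, reason) for each entry touching a gitlink or symlink."""
    findings = []
    for line in raw_diff.splitlines():
        m = RAW_LINE.match(line)
        if not m:
            continue  # not a raw diff line (e.g. a commit id header)
        old_mode, new_mode, path = m.groups()
        modes = {old_mode, new_mode}
        if GITLINK in modes:
            # Covers a forwarded ref as well as adding/removing the submodule.
            findings.append((path, "submodule ref changed"))
        elif SYMLINK in modes:
            # Covers a retargeted link and a link swapped for a regular file.
            findings.append((path, "symlink changed"))
    return findings


# Constructed sample: one data edit, one submodule bump, one replaced symlink.
SAMPLE = "\n".join([
    ":100644 100644 1111111 2222222 M\tdata/example-list",
    ":160000 160000 3333333 4444444 M\tsecurity-tracker-bin",
    ":120000 100644 5555555 6666666 T\tMakefile",
])

if __name__ == "__main__":
    for path, reason in risky_changes(SAMPLE):
        print(f"hold deploy: {path}: {reason}")
```

A check like this only reports; as the message notes, preventing the change requires the code repository not to be reachable from the data repository at all.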
