On 06.08.2010 20:18, Hyrum K. Wright wrote: > On Fri, Aug 6, 2010 at 1:13 PM, Greg Hudson <ghud...@mit.edu> wrote: > >> On Fri, 2010-08-06 at 13:50 -0400, Hyrum K. Wright wrote: >> >>> I'm doing some more thinking about repository-dictated configuration, >>> >> I get nervous when I see people talk about repository-dictated >> configuration as an extension of the general configuration framework. >> >> There are a lot of things a repository should not be able to configure >> for trust reasons--in particular, what commands the client runs. When >> you check out material from a repository, you are not handing over the >> keys to your machine or account, just retrieving content. In fact, I >> think there are only a few specific configuration variables which a >> repository should be able to influence, such as mime-type recognition. >> > Agree with the general point, but it raises another point: which > values are acceptable for overriding? Are they hardcoded or > configurable (if configurable, that kinda defeats the point, since > they'd have to be configured locally)? White list? Black list? > > Would a hard-coded list be something that depends on application > (corporate vs. open source vs. some other deployment)? >
I'd suggest a hard-coded list in libsvn_client. The type of deployment is irrelevant, because anyone can hack the source to suit their needs. The important bit is that we put a safe default whitelist into the code we publish. -- Brane
