Update of sr #107077 (project administration):
Assigned to: None => Beuc
Open/Closed: Open => Closed
_______________________________________________________
Follow-up Comment #6:
At Savannah we do not allow local shell access to make it harder for users to
attempt to exploit vulnerabilities before fixes are applied.
Consequently we will not offer both sftp: and bzr+ssh: at the same time, as
the combination of both would allow users to run arbitrary commands on the
server through commit hooks, in effect getting local access.
At a point we may move to bzr+ssh completely, but this requires moving all
the projects at once, and making sure they can create the directory layouts
they need through our web interface. Currently, there is not enough incentive,
or time, to do so. In particular it seems server-side commit hook'ing is
supported, but there are few actual server-side commit hooks.
As for installing the recent 2.0, we'll wait until this is properly support
in Debian stable, or possibly Debian backports.
So it is a bit more complicated than just installing a piece of software on
our servers.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107077>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
