| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Git cvsserver serious issue |
| Date: | 2010-09-22 14:03:23 |
| Message-ID: | AANLkTikqQFpagRSQ4w+4UjW7W6Bcc3HD+55BLWK4tN=Q@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | buildfarm-members pgsql-hackers |
So, I found (with some helpful hints from Robert who caught the final
nail in the coffin) a good reason why we really can't run a
git-cvsserver globally.
Any user can point their cvs client at the repository. And check out
an arbitrary branch, tag *or individual commit*. Doing so will create
a 50Mb sqlite database on the server with cache information about that
head.
That basically means that git-cvsserver is completely useless in a
public scenario as it stands. An easier way to DOS our server is hard
to find, really.
Now, if we can limit this by IP address, that would be ok. I assume we
can do this for the NLS stuff - peter?
As for buildfarm members needing CVS - is it workable to require that
the maintainers of these set up their own git clone with git cvsserver
(over ssh or pserver) and restrict it locally to the IP(s) of their
machines?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2010-09-22 14:23:35 | Re: Git cvsserver serious issue |
| Previous Message | Dave Page | 2010-08-16 11:28:56 | [Pgbuildfarm-members] Web txn error with new members |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Aidan Van Dyk | 2010-09-22 14:11:19 | Re: repository size differences |
| Previous Message | Tom Lane | 2010-09-22 14:01:33 | Re: Multi-branch committing in git, revisited |