"serve --allow-writes" allows more than you might think
Bug #84659 reported by
Martin Pool
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bazaar |
Fix Released
|
Medium
|
Unassigned |
Bug Description
'bzr serve --allow-writes' is actually a bit dangerous, since it allows anonymous write access by anyone with network access to the server.
At the least, the help of the option should be updated to indicate this. Renaming the option is out of the question due to backwards compatibility constraints. Perhaps we can do something else that's more than simple documentation.
Related branches
lp:~jml/bzr/allow-writes-change-84659
Rejected
for merging
into
lp:~bzr/bzr/trunk-old
- Robert Collins (community): Disapprove
- Diff: 85 lines
lp:~lifeless/bzr/bug-84659
- Martin Pool: Approve
-
Diff: 40 lines (+10/-3)2 files modifiedNEWS (+3/-0)
bzrlib/builtins.py (+7/-3)
Changed in bzr: | |
assignee: | nobody → spiv |
importance: | Undecided → High |
Changed in bzr: | |
status: | Unconfirmed → Confirmed |
Changed in bzr: | |
importance: | High → Medium |
Changed in bzr: | |
assignee: | Andrew Bennetts (spiv) → Jonathan Lange (jml) |
status: | Confirmed → Fix Committed |
description: | updated |
tags: | added: easy |
To post a comment you must log in.
so, only changes in option name required to fix this bug?