Re: Add note about Oort Gnus releases, and No Gnus.

[Ted Zlatanov <tzz@lifelogs.com>]

On Sun, 19 Dec 2010 00:29:30 +0100 asjo@koldfront.dk (Adam Sjøgren) wrote: 

AS> On Sat, 18 Dec 2010 10:08:53 -0600, Ted wrote:
>> No, because pulling in place means that at least for a little bit you
>> have the wrong permissions on things.

AS> How come? Does any of the files on the website need special permissions?

Not currently.  But like I said, Git is plain stupid when it comes to
permissions and I don't want to trust it with them.  Maybe if we
combined Git with metastore or etckeeper it would work, but I'm not
confident and the scale of this work doesn't warrant it.

>>>> Also the .git directory under the HTML tree would bother me and is a
>>>> potential security risk.

AS> Again I am probably dense, but how would the content of .git pose a
AS> security risk?

>> It could be used by an attacker to hide files, for instance.

AS> If an attacker can put files in .git, couldn't he put them anywhere else
AS> as well?

It's a hidden directory that's served by the webserver, which makes it a
nice juicy target.  It's a small security risk but I'd rather not take it.

AS> To me a deployment process that uses sudo a number of times seems more
AS> questionable than one that runs fewer commands and unprivileged, but
AS> what do I know :-)

I realized I forgot to qualify the paths completely when you mentioned
that :)

I don't think sudo is a problem when it calls trusted commands with
known parameters.  I know exactly what chown, chmod, and rsync will do
as I listed them.  Git, on the other hand, is extremely complex and, as
I said, not written with security in mind.  So my choices are more
conservative.

Ted