On Sun, Jan 18, 2009 at 06:50:06AM -0600, Boyd Stephen Smith Jr. wrote: > I can't speak directly to gitosis' security. If users are allowed to, e.g. > change the hooks in their repository, there may be an issue there. I > certainly haven't done any sort of audit to the source code AND I do not > hold any security certification--or even job experience in a security > field, yet. You can't change hooks via gitosis, exactly for that reason. In the future, I hope to provide ways to configure "known safe" hook behavior. Basically something like "export contents after push to a fixed subdirectory of ~git, named after the repo path" that you can toggle on/off etc, one of those for every interesting hook I encounter. I do not ever want the gitosis admin to be able to do anything but denial of service or repository content destroying attacks. And those two capabilities are basically needed to do admin things. Summary: I fully expect gitosis to be more secure than a manually maintained git-shell over SSH setup, mostly because it can make human errors more rare. I also fully expect SSH(+gitosis)+git-shell to be more secure than Apache+mod_dav. -- :(){ :|:&};: -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html