Re: is gitosis secure?

On Wed, Feb 04, 2009 at 01:12:04PM +0100, Stephen R. van den Berg wrote:
> I installed gitosis a year ago.
> Then I tried to audit the code.
> I couldn't, the whole thing is too much spaghetti code.

Huh. It's about 1000 lines of python, with about 2000 lines of unit
tests. It has 3 top-level operations: init, serve, run_hook. That
still counts as "tiny" in my mind. I'm sorry if following the code was
too hard. I guess there's no accounting for taste.

> Auditing gitosis turned out to be too painful to be worth the trouble,
> so I reverted to a manually maintained git-shell solution which is so
> simple that I can actually audit it, and therefore is provably secure
> (which gitosis is not).

This word, "provably", tends to mean something else than what you use
it for. Definitely a simple audit doesn't prove anything. Most
real-world software is complex enough to be practically unprovable for
anything.

-- 
:(){ :|:&};: