[csw-maintainers] Non-Maintainer Uploads (NMUs)
Yann Rouillard
yann at pleiades.fr.eu.org
Mon Aug 12 15:26:04 CEST 2013
I am not sure using the http protocol is the best way here.
I think we don't really care about the uploader, we rather care about who
rebuilt the package.
Because he's the one who knows what modification was made.
So I think it makes more sense to put that information in the package (in
pkginfo) at package build time, rather that trying to find it at upload
time from the authorization layer (even if usually uploader = last package
builder).
Yann
2013/8/12 Peter FELECAN <pfelecan at opencsw.org>
> "Maciej (Matchek) Bliziński" <maciej at opencsw.org> writes:
>
> > 2013/8/12 Peter FELECAN <pfelecan at opencsw.org>:
> >> Returning to the REMOTE_USER not being defined, after a cursory look at
> >> other people having issues with that it seems that even if the
> >> environment variable is not provided, there is a possibility to obtain
> >> the remote user from the "authorization" header, see
> >>
> http://stackoverflow.com/questions/8495229/remote-user-not-being-set-by-apache2
> >> but maybe this is also modified by the proxy.
> >
> > Normally the authorization header is stripped, unless you configure
> > Apache to specifically include it. The security concern is that you
> > expose the auth password to the script while you don't need to.
>
> Indeed. How about a rewrite? What are the other environment variables
> accessible to the script?
> --
> Peter
> _______________________________________________
> maintainers mailing list
> maintainers at lists.opencsw.org
> https://lists.opencsw.org/mailman/listinfo/maintainers
> .:: This mailing list's archive is public. ::.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opencsw.org/pipermail/maintainers/attachments/20130812/1ab47bc2/attachment.html>
More information about the maintainers
mailing list