Thread: things currently broken/missing
not sure who has access to what, but here's a list of things that
currently need to be fixed on the various sites.

annotated cvs still broken
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/COPYRIGHT?annotate=1.9

pgsql-cygwin has references pgsql-admin in instructions
http://archives.postgresql.org/pgsql-cygwin/

pgsql-novice has different background color
http://archives.postgresql.org/pgsql-novice/

pgsql-hackers-win32 is busted
http://archives.postgresql.org/pgsql-hackers-win32/

pgsql-hackers-pitr is missing
(missing)

pg-de-allgemein is busted
http://archives.postgresql.org/pgsql-de-allgemein/

pgsql-fr-generale is busted
http://archives.postgresql.org/pgsql-fr-generale/

san fran gives empty directory
http://archives.postgresql.org/sfpug/

Need a space added between the last regional list and the project list
header.

jobs.postgresql.org needs to be updated with info from
techdocs.postgresql.org/jobs.php

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

Hiyas,

Robert Treat wrote:
<snip>

One more for the list is that on the Techdocs site, it still points to
an older version of Jason Tishler's instructions for installing through
CVS. 7.3.x from memory.

He updates his instructions to a new URL (i.e. the same one but with
7.4.1 replacing the 7.3.4 bit) with each major release. Not sure if he
creates a "-latest" symlink version either, but some method of keeping
the pointer to his latest instructions for people would be useful.

Hope that's helpful.

:-)

Regards and best wishes,

Justin Clift

> Robert Treat

On Wed, 11 Feb 2004, Robert Treat wrote:

> not sure who has access to what, but here's a list of things that
> currently need to be fixed on the various sites.
>
> annotated cvs still broken
> http://developer.postgresql.org/cvsweb.cgi/pgsql-server/COPYRIGHT?annotate=1.9

Odd ... I just disabled it ... why would we want that ability enabled:

# allow annotation of files
# this requires rw-access to the
# CVSROOT/history - file and rw-access
# to the subdirectory to place the lock
# so you maybe don't want it

sounds to me like anyone with a web browser can write to CVS?

> pgsql-cygwin has references pgsql-admin in instructions
> http://archives.postgresql.org/pgsql-cygwin/

fixed

> pgsql-novice has different background color
> http://archives.postgresql.org/pgsql-novice/

Fixed

> pgsql-hackers-win32 is busted
> http://archives.postgresql.org/pgsql-hackers-win32/

Fixed

> pgsql-hackers-pitr is missing
> (missing)

Fixed

> pg-de-allgemein is busted
> http://archives.postgresql.org/pgsql-de-allgemein/

Fixed

> pgsql-fr-generale is busted
> http://archives.postgresql.org/pgsql-fr-generale/

Fixed

> san fran gives empty directory
> http://archives.postgresql.org/sfpug/

Fixed

> Need a space added between the last regional list and the project list
> header.

Fixed ...

mhonarc is running now, so some of the fixes above won't show up until
it's finished ... if anyone has improved text for any of the lists,
please feel free to send it over ... most notably, the de, fr and sfpug
lists ...

----
Marc G. Fournier    Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org    Yahoo!: yscrappy    ICQ: 7615664

On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
> On Wed, 11 Feb 2004, Robert Treat wrote:
>
> > not sure who has access to what, but here's a list of things that
> > currently need to be fixed on the various sites.
> >
> > annotated cvs still broken
> > http://developer.postgresql.org/cvsweb.cgi/pgsql-server/COPYRIGHT?annotate=1.9
>
> Odd ... I just disabled it ... why would we want that ability enabled:
>
> # allow annotation of files
> # this requires rw-access to the
> # CVSROOT/history - file and rw-access
> # to the subdirectory to place the lock
> # so you maybe don't want it
>
> sounds to me like anyone with a web browser can write to CVS?
>

that's not what it's supposed to do, though it does sound like that's
what it does from the instructions you've pasted. what it's supposed to
do is give you a breakdown of file changes per version, similar to
this:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2

Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL

Robert Treat <xzilla@users.sourceforge.net> writes:
> On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
>> Odd ... I just disabled it ... why would we want that ability enabled:
>>
>> # allow annotation of files
>> # this requires rw-access to the
>> # CVSROOT/history - file and rw-access
>> # to the subdirectory to place the lock
>> # so you maybe don't want it
>>
>> sounds to me like anyone with a web browser can write to CVS?

> that's not what it's supposed to do, though it does sound like that's what
> it does from the instructions you've pasted. what it's supposed to do is
> give you a breakdown of file changes per version, similar to this:
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2

I think we probably ought to leave this turned off. From a security
standpoint, it would scare me quite a lot for the cgi user to have write
access to the CVS tree. Even though the annotation software itself may
do nothing more risky than temporarily locking files, what of bugs that
might allow someone to make more extensive changes?

The annotation display is kind of nice, but it doesn't strike me as
useful enough to be worth taking any risks for. The people who are
likely to need it all have local CVS copies and can just run "cvs anno"
when they need it. (But then, I only find a use for this maybe a couple
times a year. Perhaps other people depend on it more?)

regards, tom lane

doing a quick look, we're running an *ancient* version (not sure what
version):

# $Id: cvsweb.cgi,v 1.1.1.1 2001/10/03 12:24:53 root Exp $

vs 2.0.6 which is in FreeBSD ports:

# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119.2.6 2002/09/26 20:56:05 scop Exp $

and:

The latest beta version, 2.9.2 on the web site at:
http://www.freebsd.org/projects/cvsweb.html

so, do we want to look at upgrading? :)

On Wed, 11 Feb 2004, Tom Lane wrote:

> Robert Treat <xzilla@users.sourceforge.net> writes:
> > On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
> >> Odd ... I just disabled it ... why would we want that ability enabled:
> >>
> >> # allow annotation of files
> >> # this requires rw-access to the
> >> # CVSROOT/history - file and rw-access
> >> # to the subdirectory to place the lock
> >> # so you maybe don't want it
> >>
> >> sounds to me like anyone with a web browser can write to CVS?
>
> > that's not what it's supposed to do, though it does sound like that's what
> > it does from the instructions you've pasted. what it's supposed to do is
> > give you a breakdown of file changes per version, similar to this:
> > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2
>
> I think we probably ought to leave this turned off. From a security
> standpoint, it would scare me quite a lot for the cgi user to have write
> access to the CVS tree. Even though the annotation software itself may
> do nothing more risky than temporarily locking files, what of bugs that
> might allow someone to make more extensive changes?
>
> The annotation display is kind of nice, but it doesn't strike me as
> useful enough to be worth taking any risks for. The people who are
> likely to need it all have local CVS copies and can just run "cvs anno"
> when they need it. (But then, I only find a use for this maybe a couple
> times a year. Perhaps other people depend on it more?)
>
> regards, tom lane
>

----
Marc G. Fournier    Hub.Org Networking Services (http://www.hub.org)
Email: scrappy@hub.org    Yahoo!: yscrappy    ICQ: 7615664

"Marc G. Fournier" <scrappy@postgresql.org> writes:
> doing a quick look, we're running an *ancient* version (not sure what
> version):

I use cvsweb constantly, so if there's a later release you can drop in
easily, please do.

Also, see if you can teach it about the PostgreSQL CVS keyword? Right
now, if you do a diff it mistakenly shows the PostgreSQL line as a diff.
Compare for example

http://developer.postgresql.org/cvsweb.cgi/pgsql-server/GNUmakefile.in.diff?r1=1.36&r2=1.37
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/GNUmakefile.in.diff?r1=1.34&r2=1.35

In the latter case it's hiding the $Header$ change as irrelevant (as you
can confirm by selecting the "context diff" option). But it doesn't
know to do so for $PostgreSQL$.

regards, tom lane

-On [20040211 17:32], Tom Lane (tgl@sss.pgh.pa.us) wrote:
>I think we probably ought to leave this turned off. From a security
>standpoint, it would scare me quite a lot for the cgi user to have write
>access to the CVS tree. Even though the annotation software itself may
>do nothing more risky than temporarily locking files, what of bugs that
>might allow someone to make more extensive changes?

Make sure to replace every call to 'cvs' with 'cvs -R'.
This enables read-only repository mode. Or set the relevant environment
variable.

Note that cvs 1.12.x is more intelligent about locks.

--
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7 9D88 97E6 839B 2EAC 625B
http://www.tendra.org/ | http://diary.in-nomine.org/
Expansion of happiness is the purpose of life...

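One way to check the concern raised in the messages above, that the cgi user should have no write access to the CVS tree. This is an added example, not part of any message in the thread; the function names and the sample tree are constructed, and only plain Unix permission bits are examined (ACLs are not).

```shell
#!/bin/sh
# List every path under a CVS repository that a given account could write to.
# Arguments: repository root, account (name or numeric uid), then any number
# of groups (name or numeric gid) that the account belongs to.
cvs_writable_paths() {
    root=$1 user=$2
    shift 2
    {
        # World-writable entries are writable by every account.
        find "$root" ! -type l -perm -0002 -print
        # Entries owned by the account with the owner write bit set.
        find "$root" ! -type l -user "$user" -perm -0200 -print
        # Entries writable through one of the account's groups.
        for grp in "$@"; do
            find "$root" ! -type l -group "$grp" -perm -0020 -print
        done
    } | sort -u
}

# Constructed sample tree: a read-only repository with the history file
# that the cvsweb comment quoted in the thread refers to.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/CVSROOT" "$t/pgsql-server"
    : > "$t/CVSROOT/history"
    : > "$t/pgsql-server/COPYRIGHT,v"
    chmod 0444 "$t/CVSROOT/history" "$t/pgsql-server/COPYRIGHT,v"
    chmod 0555 "$t/CVSROOT" "$t/pgsql-server" "$t"
    echo "$t"
}

# Audit a real tree when arguments are given, for example:
#   sh audit.sh /path/to/cvsroot www www
if [ "$#" -ge 2 ]; then
    cvs_writable_paths "$@"
fi
```

An empty result means the account has no write bit anywhere in the tree; any path printed is a place where the web process could modify repository data.
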
-On [20040211 21:22], Tom Lane (tgl@sss.pgh.pa.us) wrote:
>Also, see if you can teach it about the PostgreSQL CVS keyword? Right
>now, if you do a diff it mistakenly shows the PostgreSQL line as a diff.

If using cvs 1.12.x adjust CVSROOT/config to read:

LocalKeyword=PostgreSQL=CVSHeader
KeywordExpand=iPostgreSQL

If using FreeBSD and its expanded cvs 1.11.x adjust CVSROOT/options:

tag=PostgreSQL=CVSHeader
tagexpand=iPostgreSQL

--
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7 9D88 97E6 839B 2EAC 625B
http://www.tendra.org/ | http://diary.in-nomine.org/
The last word in a chronicle is never set down...