X-Original-To: pgsql-www-postgresql.org@localhost.postgresql.org
Received: from localhost (unknown [200.46.204.2]) by svr1.postgresql.org (Postfix) with ESMTP id 1BC51D1B4D2; Wed, 11 Feb 2004 16:15:31 +0000 (GMT)
Received: from svr1.postgresql.org ([200.46.204.71]) by localhost (neptune.hub.org [200.46.204.2]) (amavisd-new, port 10024) with ESMTP id 75691-10; Wed, 11 Feb 2004 12:15:17 -0400 (AST)
Received: from sss.pgh.pa.us (unknown [192.204.191.242]) by svr1.postgresql.org (Postfix) with ESMTP id 1B42DD1DCF3; Wed, 11 Feb 2004 12:15:18 -0400 (AST)
Received: from sss2.sss.pgh.pa.us (tgl@localhost [127.0.0.1]) by sss.pgh.pa.us (8.12.11/8.12.11) with ESMTP id i1BGFGHH021454; Wed, 11 Feb 2004 11:15:17 -0500 (EST)
To: Robert Treat
Cc: "Marc G. Fournier", pgsql-www@postgresql.org
Subject: Re: things currently broken/missing
In-reply-to: <1076514410.17920.94.camel@camel>
References: <1076509856.18024.90.camel@camel> <20040211110619.D40659@ganymede.hub.org> <1076514410.17920.94.camel@camel>
Comments: In-reply-to Robert Treat message dated "11 Feb 2004 10:46:50 -0500"
Date: Wed, 11 Feb 2004 11:15:16 -0500
Message-ID: <21453.1076516116@sss.pgh.pa.us>
From: Tom Lane
X-Virus-Scanned: by amavisd-new at postgresql.org
X-Archive-Number: 200402/57
X-Sequence-Number: 3622

Robert Treat writes:
> On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
>> Odd ... I just disabled it ... why would we want that ability enabled:
>>
>> # allow annotation of files
>> # this requires rw-access to the
>> # CVSROOT/history - file and rw-access
>> # to the subdirectory to place the lock
>> # so you maybe don't want it
>>
>> sounds to me like anyone with a web browser can write to CVS?
> That's not what it's supposed to do, though it does sound like that's what
> it does from the instructions you've pasted. What it's supposed to do is
> give you a breakdown of file changes per version, similar to this:
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2

I think we probably ought to leave this turned off. From a security standpoint, it would scare me quite a lot for the cgi user to have write access to the CVS tree. Even though the annotation software itself may do nothing more risky than temporarily locking files, what of bugs that might allow someone to make more extensive changes?

The annotation display is kind of nice, but it doesn't strike me as useful enough to be worth taking any risks for. The people who are likely to need it all have local CVS copies and can just run "cvs anno" when they need it. (But then, I only find a use for this maybe a couple times a year. Perhaps other people depend on it more?)

regards, tom lane
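The least-privilege point above (the cgi user should have no write access anywhere in the CVS tree, CVSROOT/history and lock directories included) can be checked mechanically. The script below is an added example, not code from this thread or from cvsweb; it assumes a POSIX sh with find(1), that the web server account is not the repository owner, and that the repository path is passed as the argument.

```shell
#!/bin/sh
# Added example (not from the thread): report paths in a CVS repository that a
# non-owner account such as the cvsweb CGI user could write to. cvsweb's
# annotate feature needs rw-access to CVSROOT/history and to a lock directory,
# so any such path is exactly the exposure the thread argues against.
# Assumes: POSIX sh, find(1) with -perm, repository path as $1.

# Print every path under $1 whose mode is group- or world-writable
# (octal bits 020 or 002), sorted for stable output.
cvs_writable_paths() {
    repo=$1
    [ -d "$repo" ] || { echo "not a directory: $repo" >&2; return 2; }
    find "$repo" \( -perm -020 -o -perm -002 \) -print | sort
}

# Return 0 when nothing under the repository is writable by non-owners,
# 1 when something is (each path is echoed; the annotate history file and
# any lock-style directory are flagged so the cvsweb case stands out),
# 2 when the path is not a directory.
cvs_repo_readonly_check() {
    repo=$1
    exposed=$(cvs_writable_paths "$repo") || return 2
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed" | while IFS= read -r p; do
        case "$p" in
            */CVSROOT/history) echo "WRITABLE (cvsweb annotate history file): $p" ;;
            */#cvs.lock|*/#cvs.*lock) echo "WRITABLE (CVS lock entry): $p" ;;
            *)                 echo "WRITABLE: $p" ;;
        esac
    done
    return 1
}
```

Run it as `sh check.sh /path/to/cvsroot` from cron or a deploy hook; a non-zero exit means the web account may be able to modify repository state and the mode bits should be tightened before annotate is considered again.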