public inbox for [email protected]
help / color / mirror / Atom feedthings currently broken/missing
9+ messages / 5 participants
[nested] [flat]
* things currently broken/missing
@ 2004-02-11 14:30 Robert Treat <[email protected]>
2004-02-11 14:43 ` Re: things currently broken/missing Justin Clift <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
0 siblings, 2 replies; 9+ messages in thread
From: Robert Treat @ 2004-02-11 14:30 UTC (permalink / raw)
To: pgsql-www
not sure who has access to what, but here's a list of things that
currently need to be fixed on the various sites.
annotated cvs still broken
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/COPYRIGHT?annotate=1.9
pgsql-cygwin has references pgsql-admin in instructions
http://archives.postgresql.org/pgsql-cygwin/
pgsql-novice has different background color
http://archives.postgresql.org/pgsql-novice/
pgsql-hackers-win32 is busted
http://archives.postgresql.org/pgsql-hackers-win32/
pgsql-hackers-pitr is missing
(missing)
pg-de-allgemein is busted
http://archives.postgresql.org/pgsql-de-allgemein/
pgsql-fr-generale is busted
http://archives.postgresql.org/pgsql-fr-generale/
san fran gives empty directory
http://archives.postgresql.org/sfpug/
Need a space added between the last regional list and the project list
header.
jobs.postgresql.org needs to be updated with info from
techdocs.postgresql.org/jobs.php
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
@ 2004-02-11 14:43 ` Justin Clift <[email protected]>
1 sibling, 0 replies; 9+ messages in thread
From: Justin Clift @ 2004-02-11 14:43 UTC (permalink / raw)
To: Robert Treat <[email protected]>; +Cc: pgsql-www
Hiyas,
Robert Treat wrote:
<snip>
One more for the list is that on the Techdocs site, it still points to
an older version of Jason Tishler's instructions for installing through
CVS. 7.3.x from memory. He updates his instructions to a new URL (i.e.
the same one but with 7.4.1 replacing the 7.3.4 bit) with each major
release.
Not sure if he creates a "-latest" symlink version either, but some
method of keeping the pointer to his latest instructions for people
would be useful.
Hope that's helpful.
:-)
Regards and best wishes,
Justin Clift
> Robert Treat
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
@ 2004-02-11 15:19 ` Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Re: things currently broken/missing Robert Treat <[email protected]>
1 sibling, 1 reply; 9+ messages in thread
From: Marc G. Fournier @ 2004-02-11 15:19 UTC (permalink / raw)
To: Robert Treat <[email protected]>; +Cc: pgsql-www
On Wed, 11 Feb 2004, Robert Treat wrote:
> not sure who has access to what, but here's a list of things that
> currently need to be fixed on the various sites.
>
> annotated cvs still broken
> http://developer.postgresql.org/cvsweb.cgi/pgsql-server/COPYRIGHT?annotate=1.9
Odd ... I just disabled it ... why would we want that ability enabled:
# allow annotation of files
# this requires rw-access to the
# CVSROOT/history - file and rw-access
# to the subdirectory to place the lock
# so you maybe don't want it
sounds to me like anyone with a web browser can write to CVS?
> pgsql-cygwin has references pgsql-admin in instructions
> http://archives.postgresql.org/pgsql-cygwin/
fixed
> pgsql-novice has different background color
> http://archives.postgresql.org/pgsql-novice/
Fixed
> pgsql-hackers-win32 is busted
> http://archives.postgresql.org/pgsql-hackers-win32/
Fixed
> pgsql-hackers-pitr is missing
> (missing)
Fixed
> pg-de-allgemein is busted
> http://archives.postgresql.org/pgsql-de-allgemein/
Fixed
> pgsql-fr-generale is busted
> http://archives.postgresql.org/pgsql-fr-generale/
Fixed
> san fran gives empty directory
> http://archives.postgresql.org/sfpug/
Fixed
> Need a space added between the last regional list and the project list
> header.
Fixed
... mhonarc is running now, so some of the fixes above won't show up until
its finished ... if anyone has improved text for any of the lists, please
feel free to send it over ... most notably, the de, fr and sfpug lists ...
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [email protected] Yahoo!: yscrappy ICQ: 7615664
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
@ 2004-02-11 15:46 ` Robert Treat <[email protected]>
2004-02-11 16:15 ` Re: things currently broken/missing Tom Lane <[email protected]>
0 siblings, 1 reply; 9+ messages in thread
From: Robert Treat @ 2004-02-11 15:46 UTC (permalink / raw)
To: Marc G. Fournier <[email protected]>; +Cc: pgsql-www
On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
> On Wed, 11 Feb 2004, Robert Treat wrote:
>
> > not sure who has access to what, but here's a list of things that
> > currently need to be fixed on the various sites.
> >
> > annotated cvs still broken
> > http://developer.postgresql.org/cvsweb.cgi/pgsql-server/COPYRIGHT?annotate=1.9
>
> Odd ... I just disabled it ... why would we want that ability enabled:
>
> # allow annotation of files
> # this requires rw-access to the
> # CVSROOT/history - file and rw-access
> # to the subdirectory to place the lock
> # so you maybe don't want it
>
> sounds to me like anyone with a web browser can write to CVS?
>
thats not what its supposed to do, though it does sound like thats what
it does from the instructions you've pasted. what its supposed to do is
give you a a breakdown of file changes per version, similar to this:
http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2
Robert Treat
--
Build A Brighter Lamp :: Linux Apache {middleware} PostgreSQL
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Re: things currently broken/missing Robert Treat <[email protected]>
@ 2004-02-11 16:15 ` Tom Lane <[email protected]>
2004-02-11 16:35 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 17:27 ` Re: things currently broken/missing Jeroen Ruigrok/asmodai <[email protected]>
0 siblings, 2 replies; 9+ messages in thread
From: Tom Lane @ 2004-02-11 16:15 UTC (permalink / raw)
To: Robert Treat <[email protected]>; +Cc: Marc G. Fournier <[email protected]>; pgsql-www
Robert Treat <[email protected]> writes:
> On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
>> Odd ... I just disabled it ... why would we want that ability enabled:
>>
>> # allow annotation of files
>> # this requires rw-access to the
>> # CVSROOT/history - file and rw-access
>> # to the subdirectory to place the lock
>> # so you maybe don't want it
>>
>> sounds to me like anyone with a web browser can write to CVS?
> thats not what its supposed to do, though it does sound like thats what
> it does from the instructions you've pasted. what its supposed to do is
> give you a a breakdown of file changes per version, similar to this:
> http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2
I think we probably ought to leave this turned off. From a security
standpoint, it would scare me quite a lot for the cgi user to have write
access to the CVS tree. Even though the annotation software itself may
do nothing more risky than temporarily locking files, what of bugs that
might allow someone to make more extensive changes?
The annotation display is kind of nice, but it doesn't strike me as
useful enough to be worth taking any risks for. The people who are
likely to need it all have local CVS copies and can just run "cvs anno"
when they need it. (But then, I only find a use for this maybe a couple
times a year. Perhaps other people depend on it more?)
regards, tom lane
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Re: things currently broken/missing Robert Treat <[email protected]>
2004-02-11 16:15 ` Re: things currently broken/missing Tom Lane <[email protected]>
@ 2004-02-11 16:35 ` Marc G. Fournier <[email protected]>
2004-02-11 16:49 ` Re: things currently broken/missing Tom Lane <[email protected]>
1 sibling, 1 reply; 9+ messages in thread
From: Marc G. Fournier @ 2004-02-11 16:35 UTC (permalink / raw)
To: Tom Lane <[email protected]>; +Cc: Robert Treat <[email protected]>; Marc G. Fournier <[email protected]>; pgsql-www
doing a quick look, we're running an *ancient* version (not sure what
version):
# $Id: cvsweb.cgi,v 1.1.1.1 2001/10/03 12:24:53 root Exp $
vs 2.0.6 which is in FreeBSD ports:
# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119.2.6 2002/09/26 20:56:05
scop Exp $
and:
The latest beta version, 2.9.2 on the web site at:
http://www.freebsd.org/projects/cvsweb.html
so, do we want to look at upgrading? :)
On Wed, 11 Feb 2004, Tom Lane wrote:
> Robert Treat <[email protected]> writes:
> > On Wed, 2004-02-11 at 10:19, Marc G. Fournier wrote:
> >> Odd ... I just disabled it ... why would we want that ability enabled:
> >>
> >> # allow annotation of files
> >> # this requires rw-access to the
> >> # CVSROOT/history - file and rw-access
> >> # to the subdirectory to place the lock
> >> # so you maybe don't want it
> >>
> >> sounds to me like anyone with a web browser can write to CVS?
>
> > thats not what its supposed to do, though it does sound like thats what
> > it does from the instructions you've pasted. what its supposed to do is
> > give you a a breakdown of file changes per version, similar to this:
> > http://www.freebsd.org/cgi/cvsweb.cgi/ports/www/urchin5/Makefile?annotate=1.2
>
> I think we probably ought to leave this turned off. From a security
> standpoint, it would scare me quite a lot for the cgi user to have write
> access to the CVS tree. Even though the annotation software itself may
> do nothing more risky than temporarily locking files, what of bugs that
> might allow someone to make more extensive changes?
>
> The annotation display is kind of nice, but it doesn't strike me as
> useful enough to be worth taking any risks for. The people who are
> likely to need it all have local CVS copies and can just run "cvs anno"
> when they need it. (But then, I only find a use for this maybe a couple
> times a year. Perhaps other people depend on it more?)
>
> regards, tom lane
>
----
Marc G. Fournier Hub.Org Networking Services (http://www.hub.org)
Email: [email protected] Yahoo!: yscrappy ICQ: 7615664
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Re: things currently broken/missing Robert Treat <[email protected]>
2004-02-11 16:15 ` Re: things currently broken/missing Tom Lane <[email protected]>
2004-02-11 16:35 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
@ 2004-02-11 16:49 ` Tom Lane <[email protected]>
2004-02-11 22:16 ` Re: things currently broken/missing Jeroen Ruigrok/asmodai <[email protected]>
0 siblings, 1 reply; 9+ messages in thread
From: Tom Lane @ 2004-02-11 16:49 UTC (permalink / raw)
To: Marc G. Fournier <[email protected]>; +Cc: Robert Treat <[email protected]>; pgsql-www
"Marc G. Fournier" <[email protected]> writes:
> doing a quick look, we're running an *ancient* version (not sure what
> version):
I use cvsweb constantly, so if there's a later release you can drop in
easily, please do.
Also, see if you can teach it about the PostgreSQL CVS keyword? Right
now, if you do a diff it mistakenly shows the PostgreSQL line as a diff.
Compare for example
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/GNUmakefile.in.diff?r1=1.36&r2=1.37
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/GNUmakefile.in.diff?r1=1.34&r2=1.35
In the latter case it's hiding the $Header$ change as irrelevant (as you
can confirm by selecting the "context diff" option). But it doesn't
know to do so for $PostgreSQL$.
regards, tom lane
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Re: things currently broken/missing Robert Treat <[email protected]>
2004-02-11 16:15 ` Re: things currently broken/missing Tom Lane <[email protected]>
2004-02-11 16:35 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 16:49 ` Re: things currently broken/missing Tom Lane <[email protected]>
@ 2004-02-11 22:16 ` Jeroen Ruigrok/asmodai <[email protected]>
0 siblings, 0 replies; 9+ messages in thread
From: Jeroen Ruigrok/asmodai @ 2004-02-11 22:16 UTC (permalink / raw)
To: Tom Lane <[email protected]>; +Cc: Marc G. Fournier <[email protected]>; Robert Treat <[email protected]>; pgsql-www
-On [20040211 21:22], Tom Lane ([email protected]) wrote:
>Also, see if you can teach it about the PostgreSQL CVS keyword? Right
>now, if you do a diff it mistakenly shows the PostgreSQL line as a diff.
If using cvs 1.12.x adjust CVSROOT/config to read:
LocalKeyword=PostgreSQL=CVSHeader
KeywordExpand=iPostgreSQL
If using FreeBSD and its expanded cvs 1.11.x adjust CVSROOT/options:
tag=PostgreSQL=CVSHeader
tagexpand=iPostgreSQL
--
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7 9D88 97E6 839B 2EAC 625B
http://www.tendra.org/ | http://diary.in-nomine.org/
The last word in a chronicle is never set down...
^ permalink raw reply [nested|flat] 9+ messages in thread
* Re: things currently broken/missing
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 15:19 ` Re: things currently broken/missing Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Re: things currently broken/missing Robert Treat <[email protected]>
2004-02-11 16:15 ` Re: things currently broken/missing Tom Lane <[email protected]>
@ 2004-02-11 17:27 ` Jeroen Ruigrok/asmodai <[email protected]>
1 sibling, 0 replies; 9+ messages in thread
From: Jeroen Ruigrok/asmodai @ 2004-02-11 17:27 UTC (permalink / raw)
To: Tom Lane <[email protected]>; +Cc: Robert Treat <[email protected]>; Marc G. Fournier <[email protected]>; pgsql-www
-On [20040211 17:32], Tom Lane ([email protected]) wrote:
>I think we probably ought to leave this turned off. From a security
>standpoint, it would scare me quite a lot for the cgi user to have write
>access to the CVS tree. Even though the annotation software itself may
>do nothing more risky than temporarily locking files, what of bugs that
>might allow someone to make more extensive changes?
Make sure to replace every call to 'cvs' with 'cvs -R'. This enables
read-only repository mode. Or set the relevant environment variable.
Note that cvs 1.12.x is more intelligent about locks.
--
Jeroen Ruigrok van der Werven <asmodai(at)wxs.nl> / asmodai / kita no mono
PGP fingerprint: 2D92 980E 45FE 2C28 9DB7 9D88 97E6 839B 2EAC 625B
http://www.tendra.org/ | http://diary.in-nomine.org/
Expansion of happiness is the purpose of life...
^ permalink raw reply [nested|flat] 9+ messages in thread
end of thread, other threads:[~2004-02-11 22:16 UTC | newest]
Thread overview: 9+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2004-02-11 14:30 things currently broken/missing Robert Treat <[email protected]>
2004-02-11 14:43 ` Justin Clift <[email protected]>
2004-02-11 15:19 ` Marc G. Fournier <[email protected]>
2004-02-11 15:46 ` Robert Treat <[email protected]>
2004-02-11 16:15 ` Tom Lane <[email protected]>
2004-02-11 16:35 ` Marc G. Fournier <[email protected]>
2004-02-11 16:49 ` Tom Lane <[email protected]>
2004-02-11 22:16 ` Jeroen Ruigrok/asmodai <[email protected]>
2004-02-11 17:27 ` Jeroen Ruigrok/asmodai <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox