[SAC] [OSGeo] #363: SVN repositories without authz files seem to
allow any authorized OSGeo LDAP user to commit
OSGeo
trac_osgeo at osgeo.org
Sun Apr 26 23:33:32 EDT 2009
#363: SVN repositories without authz files seem to allow any authorized OSGeo
LDAP user to commit
-------------------+--------------------------------------------------------
Reporter: hobu | Owner: sac at lists.osgeo.org
Type: task | Status: new
Priority: normal | Component: SAC
Keywords: |
-------------------+--------------------------------------------------------
The OSSIM project had some unauthorized commits to its repository
http://trac.osgeo.org/ossim/changeset/14391 , and I also found that I
could commit to their repository even though I wasn't in the ossim group
http://trac.osgeo.org/ossim/changeset/14406
Some limited testing showed me this is related to our non-authz
configuration, but I couldn't figure out why it was allowing me to commit.
For a quick fix, I just put an authz.tmpl in the ossim svn directory and
went on my way. There are a number of projects that do not use authz
though, so we should figure out what's going on.
--
Ticket URL: <http://trac.osgeo.org/osgeo/ticket/363>
OSGeo <http://www.osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list