|
From: Hannes S. <ha...@yl...> - 2012-10-14 07:59:25
|
Hello Matthew, this sounds great and I think it would be very useful if you could document all of this in the wiki as well so that people not on the mailing list can discover about it as well. Personally, I'm a bit worried about this, though: > If you want to add a script to the server, just use: > > ./ahungry_scripter.sh push ./yourscript.js > > and it'll be merged into the tar.gz within the next minute. So if I push some malicious script, it will be merged into the 'repo' automatically. OK, you could argue that people should check the code before using the script, fair enough. How is versioning handled, though. I.e. what if I (being an evil attacker) push a file with the same name you're using for your popular script? Will it then be overwritten and distributed to all the happy users of your script? Hannes |
