[Bf-docboard] security considerations about building the new blender manual ...
Dan McGrath
danmcgrath.ca at gmail.com
Thu Sep 25 13:08:50 CEST 2014
eek! Ya I didn't consider this, which is partially why I wanted your
feedback on a design that is as secure as possible while not making it a
nightmare for documenters to contribute.
Personally I think it would be difficult (if not impossible) to do anything
securely in automation so long as we have an open repository for the
manual, which is why I still tend to lean towards manual updates to the
live manual by "trusted" humans on occassion. At least I (or others) can
vet changes by hand (I already do this) and notice anything fishy.
On Thu, Sep 25, 2014 at 7:05 AM, Campbell Barton <ideasman42 at gmail.com>
wrote:
> On Thu, Sep 25, 2014 at 8:48 PM, Dan McGrath <danmcgrath.ca at gmail.com>
> wrote:
> > The context of the conversation is lost a bit (it happened on irc).
> >
> > The concern was that since anyone could join the project via phab and get
> > commit access, an automated system would require some defensive design
> and
> > avoid blindly calling "make" as it could be rewritten by a drive-by evil
> > committer and cause the automated system to possibly execute commands.
> >
> > Instead of calling "make" directly I proposed that we could avoid this
> > particular problem by simply invoking sphinx manually. Hopefully sphinx
> > would not have similar issues when done this way?
>
> In that case we have to restrict who can commit, since
> `manual/conf.py` is no more secure then makefiles.
>
> > On Thu, Sep 25, 2014 at 6:41 AM, Campbell Barton <ideasman42 at gmail.com>
> > wrote:
> >>
> >> Why would make be less secure than sphinx-build?
> >>
> >> On Thu, Sep 25, 2014 at 8:32 PM, Gaia <gaia.clary at machinimatrix.org>
> >> wrote:
> >> > Troubled has pointed out in #blendercoders that running "make"
> >> > on the new sphinx based document system is potentially
> >> > dangerous and could even damage the documentor's computer.
> >> > While the chance seems small that this really happens, it still
> >> > seems to be one of the reasons why we do not yet get an
> >> > automated documentation build system.
> >> >
> >> > I think that all documentors should be made aware
> >> > of this problem here:
> >> >
> >> > https://developer.blender.org/project/view/53/
> >> >
> >> > I believe that adding a remark about security and how to
> >> > generate the documentation on a local computer more
> >> > securely is important.
> >> >
> >> > Troubled mentioned the following alternative to make would
> >> > be a safe way to build the docs:
> >> >
> >> > sphinx-build -b html ./manual ./html
> >> >
> >> > The above mentioned document proposes to use the evil
> >> > make instead ...
> >> >
> >> > cheers,
> >> > Gaia
> >> > _______________________________________________
> >> > Bf-docboard mailing list
> >> > Bf-docboard at blender.org
> >> > http://lists.blender.org/mailman/listinfo/bf-docboard
> >>
> >>
> >>
> >> --
> >> - Campbell
> >> _______________________________________________
> >> Bf-docboard mailing list
> >> Bf-docboard at blender.org
> >> http://lists.blender.org/mailman/listinfo/bf-docboard
> >
> >
> >
> > _______________________________________________
> > Bf-docboard mailing list
> > Bf-docboard at blender.org
> > http://lists.blender.org/mailman/listinfo/bf-docboard
> >
>
>
>
> --
> - Campbell
> _______________________________________________
> Bf-docboard mailing list
> Bf-docboard at blender.org
> http://lists.blender.org/mailman/listinfo/bf-docboard
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.blender.org/pipermail/bf-docboard/attachments/20140925/290cdd8f/attachment.htm
More information about the Bf-docboard
mailing list