Am Montag, 31. Januar 2011, 22:22:40 schrieb Cristian Morales Vega:
2011/1/31 Adrian Schröter <adrian(a)suse.de>de>:
No, and this is on purpose.
There must be the guarantee that the _service: files are really
in the way the services are working. They are used to create the
trust in the uploaded sources. So it will never be allowed to upload
Or we would be in the same situation that a packager or distro owner
needs to review all uploaded tar balls and check against their upstream
This same problem could not be simulated using two SVN repos? I create
my own SVN repo, do the first checkout, and then change the _service
to point to the real SVN?
I don't really know enough about SVN internal working to say...
When you change the _service file, it is part of the source log.
The only way to trick this is to change it on the svn server or doing a
man in the middle attack.
The first would mean that did anyway a mistake to trust this upstream project
and the latter is not that easy to do...
SUSE Linux Products GmbH
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org