Added a comment
authorhttp://smcv.pseudorandom.co.uk/ <smcv@web>
Fri, 21 Dec 2012 11:02:19 +0000 (07:02 -0400)
committeradmin <admin@branchable.com>
Fri, 21 Dec 2012 11:02:19 +0000 (07:02 -0400)
doc/forum/ikiwiki_and_big_files/comment_2_2d996f1124aedc10f345139c3d8b11df._comment [new file with mode: 0644]

diff --git a/doc/forum/ikiwiki_and_big_files/comment_2_2d996f1124aedc10f345139c3d8b11df._comment b/doc/forum/ikiwiki_and_big_files/comment_2_2d996f1124aedc10f345139c3d8b11df._comment
new file mode 100644 (file)
index 0000000..6a11d9a
--- /dev/null
@@ -0,0 +1,19 @@
+[[!comment format=mdwn
+ username="http://smcv.pseudorandom.co.uk/"
+ nickname="smcv"
+ subject="comment 2"
+ date="2012-12-21T11:02:19Z"
+ content="""
+Unfortunately, ikiwiki [[doesn't follow symlinks for security
+reasons|security]] - if it did, anyone who can commit to the wiki
+repository could publish any file readable by the user who runs ikiwiki,
+including secrets like `~/.gnupg/secring.gpg` or
+`~/.ssh/identity`.
+
+git-annex relies on symlinks, so that restriction breaks it.
+It would be great to be able to use some restricted, safe subset
+of symlinks (\"relative symlinks that point into `.git/annex`\" would
+be enough to support git-annex), and I've looked into it in the past.
+My [[plugins/contrib/album]] plugin would benefit from being able
+to annex the actual photos, for instance.
+"""]]