# This file is for listing TODOs for branches that are being worked on.
# It should ALWAYS be empty in the mainline or in integration branches.
#
#
Security: it should be impossible, by default, to access files above the base of
the backing transport of the SmartServerRequestHandler. Currently '..' and the
like are not vetted, however.

Similarly, the SmartWSGIApp should also be careful to disallow '..' and the
like.

We should test that we upgrade branches and repositories through the smart
server.

The Remote*Format and RemoteBzrDir/Repository/Branch need to stop deriving from
classes which implement any of their methods using VFS facilities. This
probably means rearranging the class hierarchy to introduce new base classes
with no functionality implemented by VFS.

Implement RemoteBzrDir.find_repository directly for performance.

Decide what to do when operating on a branch on a server that is bound to
another.

urlutils.* operations on URLs which are obtained from a chrooted transport may
be used to escape the chroot.
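
Added example (not bzrlib code): one way to vet a client-supplied path, or a URL
derived from a chrooted base, so that '..' and its percent-encoded forms cannot
resolve above the base. The names resolve_within, vet_relpath, vet_url and
PathEscapesBase are hypothetical, and POSIX-style paths are assumed.

```python
import posixpath
from urllib.parse import unquote, urlsplit


class PathEscapesBase(ValueError):
    """Raised when an untrusted path or URL resolves outside the base."""


def resolve_within(base, path):
    """Normalise path against base and return it only if it stays inside base."""
    base = posixpath.normpath(base)
    # join() keeps an absolute `path` as-is, so absolute paths are checked too.
    resolved = posixpath.normpath(posixpath.join(base, path))
    # Compare on a segment boundary so /srv/repo does not admit /srv/repo-private.
    if resolved != base and not resolved.startswith(base.rstrip("/") + "/"):
        raise PathEscapesBase(path)
    return resolved


def vet_relpath(base, relpath):
    """Vet a percent-encoded relpath received from a client (hypothetical API)."""
    decoded = unquote(relpath)  # decode exactly once, then use only the result
    if "\x00" in decoded:
        raise PathEscapesBase(relpath)
    return resolve_within(base, decoded)


def vet_url(base_url, url):
    """Vet a URL produced by join/dirname style operations on base_url."""
    b, u = urlsplit(base_url), urlsplit(url)
    if (u.scheme, u.netloc) != (b.scheme, b.netloc):
        raise PathEscapesBase(url)
    return resolve_within(unquote(b.path), unquote(u.path))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real server.
    base = "/srv/repo"
    for rel in ["branch/.bzr/../README", "../../etc/passwd",
                "%2e%2e/%2e%2e/etc/passwd", "../repo-private/x"]:
        try:
            print(rel, "->", vet_relpath(base, rel))
        except PathEscapesBase:
            print(rel, "-> rejected")
```

Callers should open the returned, normalised path rather than the original
string, so that what was checked is what gets used.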