On Tue, 25 Jul 2017 at 05:31:19, Eli Schwartz wrote:
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `AUR_OVERWRITE=1 git push --force`
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> --- INSTALL | 1 + aurweb/git/auth.py | 2 ++ aurweb/git/update.py | 3 ++- doc/git-interface.txt | 6 ++++++ 4 files changed, 11 insertions(+), 1 deletion(-) [...]
Looks good. Queued, thanks!