Move non wiki related files out of wiki/src subdir
As we want to create a autopush for Weblate, it may be problematic, if scripts try to load configurations from directories and weblate drops a
*po file into it.
List of files with executable flag:
find wiki -perm -u+rwx -type f | grep -v ".po$" wiki/src/lib/js/jquery.min.js wiki/src/contribute/l10n_tricks/doc-whatchanged wiki/src/contribute/l10n_tricks/transifex_translators.sh wiki/src/contribute/l10n_tricks/language_statistics.sh wiki/src/contribute/l10n_tricks/git-clean-po wiki/src/contribute/l10n_tricks/unifyPo.py wiki/src/contribute/how/documentation/compress-image.sh wiki/src/contribute/how/documentation/qrcode-decode.sh wiki/src/contribute/how/documentation/qrcode-encode.sh wiki/src/blueprint/greeter_revamp_UI/mockups/mockup.py wiki/src/blueprint/mumble-server
Related to Tails -
#1 Updated by hefee 2019-05-24 18:12:35
- Parent task set to
> > intrigeri: this is what I have in mind:
> > […]
> Ah, OK! These files are there as “attachments” to website pages. We can certainly move them elsewhere (except JQuery, which is used by our website and has to stay there). We’ll need to update the links so they point to Git with
#2 Updated by hefee 2019-05-24 18:22:53
> hefee wrote:
> > enrico wrote:
> > > For example, an attack scenario could be adding a .po file that contains malicious commands into a config directory read by something that does something like
for file in myconfig.rc/*; do source $file; done
> > I see, maybe we need to move all non wiki files out of wiki/src, so that this folder only contains data and no configs.
> I’m leaving this discussion to the people who are in charge of the design; I see no reason to block in a review given the current specification, and I’d leave this discussion to the specification of a following release, so at least something useful can get deployed in the meantime.
#3 Updated by intrigeri 2019-06-01 12:46:37
> I’d leave this discussion to the specification of a following release, so at least something useful can get deployed in the meantime.
Agreed (and translating it into Redmine-speak: a subtask of
Bug #15402 would block its completion, which I’d rather not to).