Today, I sat down with lattera & Shirkdog and converted the website repository from subversion to git. That repo is sitting there, ready to go. That process took about an hour.
We ran this command:
git svn clone --ignore-paths="^(api.freshports.org|backend|convert|daemontools|database-schema|dataconversion|db-conversion|develop|ports|scripts|scripts-fp2|secure|walkports)" svn+ssh://dan@svn.int.unixathome.org/usr/local/svn/repos/freshports-1
Yeah, I didn’t want to include all that that code in the repo. Various reasons, but mostly because they are not related to the website.
What’s in there?
I found some passwords in there. They are in sample configuration files. They are neither production nor development passwords. At one they, they were used.
You’ll also find cookie encoding functions. If you know someone’s login name, you can figure create your own cookie and login as them.
What do I have to do first?
Here’s what I have to do before I’m ready to upload the code to GitHub.
- check passwords
- change cookie encoding
In the meantime, if you have any questions, we’re on IRC at #FreshPorts on FreeNode.
Yeah, it’s more vulnerable now
I admit it. FreshPorts is now easier to attack, given you have all the web source. Or will, soon.
I’ve made the cookie changes.
I’ve changed the passwords. I guess it’s time to upload the repo.
I use FreshPorts on a daily basis. Once you get this moved over to Github, I would love to contribute! I think it’s time FreshPorts gets a bit of a makeover… Please let me know how I can help once it’s ready for pull requests!
It’s there.