On Tue, Jan 12, 2010 at 05:51:53PM +1300, martin f krafft wrote: > If the MDA delivers to Git, then potentially, you might get into > a situation where you cannot write your own changes back to the > repo. This is also a DoS scenario: I'll just keep sending you > e-mail, and if I manage to pass your mail filters, I'll basically > commit to your mail repository at regular intervals. Say those are > 5 seconds. In order for you to write updates to the repo, e.g. to > update tags, then you would need to pull, rebase, and push all > within 5 seconds, for otherwise you'd try to push non-fast-forwards. > > This a bit unrealistic, surely, but there's a real annoyance in it: > you'd have to pull/rebase/push until a push succeeds — until you > found a time window between pull and push during which the MDA > didn't write to the repo. This might take a long time. If this > happens in the background by Cron, it's not a real concern, but if > this becomes a UI issue, I wouldn't know how to handle it. What about if just the tag information is stored in the repository, and not the mail itself? In that case only the user would be pushing into the repo and you wouldn't have to worry about the DoS scenario. jamie.