diff --git a/doc/forum/ikiwiki_and_big_files/comment_2_2d996f1124aedc10f345139c3d8b11df._comment b/doc/forum/ikiwiki_and_big_files/comment_2_2d996f1124aedc10f345139c3d8b11df._comment new file mode 100644 index 000000000..6a11d9ae2 --- /dev/null +++ b/doc/forum/ikiwiki_and_big_files/comment_2_2d996f1124aedc10f345139c3d8b11df._comment @@ -0,0 +1,19 @@ +[[!comment format=mdwn + username="http://smcv.pseudorandom.co.uk/" + nickname="smcv" + subject="comment 2" + date="2012-12-21T11:02:19Z" + content=""" +Unfortunately, ikiwiki [[doesn't follow symlinks for security +reasons|security]] - if it did, anyone who can commit to the wiki +repository could publish any file readable by the user who runs ikiwiki, +including secrets like `~/.gnupg/secring.gpg` or +`~/.ssh/identity`. + +git-annex relies on symlinks, so that restriction breaks it. +It would be great to be able to use some restricted, safe subset +of symlinks (\"relative symlinks that point into `.git/annex`\" would +be enough to support git-annex), and I've looked into it in the past. +My [[plugins/contrib/album]] plugin would benefit from being able +to annex the actual photos, for instance. +"""]]