[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Milestone 2: authentication and authorization

From: Jim Blandy <jimb_at_zwingli.cygnus.com>
Date: 2000-12-15 16:45:47 CET

Greg Hudson <ghudson@MIT.EDU> writes:
> > I'm thinking of some table indexed by path, then revision number,
> > with some nice, meaningful ordering to allow range searches...
>
> I had this idea too. However, it means when you copy a file it
> doesn't necessarily start out with the same permissions for others,
> which could be a least-surprise security issue in some cases.

The code for renaming, etc. would need to know about this table, and
keep it up to date.

> I've been wondering whether there is a qualitive difference between
> the proper management of read permission versus write permission, and
> whether our system should reflect that. If you want to restrict read
> access to a resource, it is because the data itself is private. If
> you want to restrict write access to a resource, it is because the
> location is important; you don't particularly care if someone makes a
> modified copy of the data at some other location. Also, you're much
> more likely to want to make a repository world-readable by default
> than to make it world-writable by default.

But whether /a and /b are identical is important information. Even
for read-only access, it's not just the data itself; it's where it is.
Received on Sat Oct 21 14:36:17 2006

This is an archived mail posted to the Subversion Dev mailing list.