[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: We need to release 1.0.9 and 1.1.1 with r11211 ASAP

From: Ben Reser <ben_at_reser.org>
Date: 2004-10-05 01:30:35 CEST

On Tue, Oct 05, 2004 at 12:48:02AM +0200, Tobias Ringström wrote:
> Ariel Arjona wrote:
> >Ben, to clarify, the issue is more serious than it might intially seem
> >if you use TSVN. Every time you try to expand a folder in the repo
> >browser it's a ls operation. The bug makes it slow to the point of
> >making it unusable.

Is it really that bad? If it was that bad why did we get 1.1.0 out
without anyone raising the alarm bells? When this ls issue was brought
up to us on 1.1.0 release day, it was presented as a minor slow down.
Now it makes the software unusable...

> Or to clarify even further, it's so slow that you really can't use "svn
> ls" or anything else that uses RA->get_dir. List operations that used to
> take a second now takes several minutes during which the server's httpd
> process consumes 100% CPU. Hey, we could even call it a security
> problem, because if you run a few "svn ls -R URL" in parallell, you'll
> DoS that server very efficiently.

We don't consider DoS issues security issues. We had a long debate
about this on the security list. It'll always be possible to DoS a
machine because the machine has limited resources...

> The only reason I can imagine not to release an 1.0.9 is to try to force
> people over to 1.1.x, but I don't think it's fair. We should lure people
> to 1.1.x using new cool features, not by crippling 1.0.x releases.

No my philosophy on 1.0.9 as of 1.0.8 was to touch it only for the
follow reasons:

* Security fixes (DoS doesn't count see above).
* Dataloss issues.

If we do a release for a dataloss bug I have no problem including other
fixes. We did 1.0.7 so that little nitpicky things could be cleaned up
before we stopped doing releases with 1.0.8.

It was already nearly impossible to get anyone to vote on 1.0.x STATUS
issues before we even got 1.1.0 out of the door. There is simply little
developer interest in maintaining 1.0.x. Even less so now that 1.1.0 is
out the door.

As a result I have little interest in running around chasing people to
get votes so I can release 1.0.x releases with something in them.

That said, if this issue is really so bad I suppose I can cut a 1.0.9,
but everyone else with an issue they want fixed on 1.0.x better get it
included in that release, or it isn't going to go into a 1.0.x release
baring one of the above two issues.

As far as 1.1.x, there are a number of issues that deserve to be in a
1.1.1 release. We need to get those fixed first. I'm not going to get
in the habit of cutting a release to for the annoying problem of the
week. We talked about this issue at 1.1.0 release time, we decided it
would wait till 1.1.1.

-- 
Ben Reser <ben@reser.org>
http://ben.reser.org
"Conscience is the inner voice which warns us somebody may be looking."
- H.L. Mencken
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 5 01:30:45 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.