Re: AW: AW: AW: How to check integrity of database?

On Oct 6, 2005, at 10:47 AM, Leon Zandman wrote:

>> We don't bother to checksum them, because they are
>> unversioned, and you shouldn't be storing anything critical
>> in there anyway.
>>
>
> I don't understand why you don't checksum the properties. I do
> understand why the properties/log messages aren't versioned, but I'd
> still like to know when my repository has been corrupted somehow.
>

Okay, well, i've copied greg, who made this design decision, AFAIK.

I imagine it was done because it would have complicated the file format.

> I used to trust my nightly batch run of "svnadmin verify"'s to
> inform me
> when something has gone wrong. But as I understand now some external
> event (virus, disk damage) might alter the property part of the
> repository database and "svnadmin verify" might never notice this. I'm
> not really happy about this...

You should never rely on a single thing to tell you whether you have
valid data integrity or not.
There are always cases svnadmin verify couldn't ever notice, even if
you checksummed everything, because a smart virus could simply update
the checksums!

I don't see why the line you've drawn is any better or worse than the
line we've drawn.

I'm involved in quite a few information security committees, etc, and
i can tell you with absolute certainty that when it really comes down
to it, you need a lot more than subversion could ever give you to be
able to say that the data you have is the data you originally had.

(one company that specializes in this is http://www.proofspace.com/)

--Dan

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 6 17:02:29 2005