Re: merge tracking: rejecting commits from svn clients < 1.5

John Peacock wrote:
> Blair Zajac wrote:
>> With mod_dav_svn, I guess we can get the client version string and use
>> that? Would the easy way be to reject commits at the Apache level and
>> parse the client's name?
>>
>> But what about file:/// or svn:// access?
>
> file:/// access is, pretty much by default, not something that you would want to
> allow any sort of public access. svn:// is only slightly better, from a
> security standpoint. I don't think it is *too* much of a loss if we only
> provided a way to block back-rev'd client access under Apache.
>
> My 2 cents...
>
> John
>

I think we would still want to force a way for a pre-commit script to
reject a client using file:///.

I'm aware of a number of shops that set up a fsfs repository on a
Windows share and you can never tell when somebody will interact with
the repository with an older client.

So maybe the way of indicating to the client is to set a
SVN_CLIENT_CAPABILITIES environmental variable to a comma separated list
or however HTTP formats capabilities to clients to be consistent. A svn
1.5 client using file:/// would set this before running the start-commit
and pre-commit hooks. That way you could easily write a test:

echo $SVN_CLIENT_CAPABILITIES | grep merge-tracking >/dev/null
if test "$?" -ne 0; then
   echo "Your Subversion client needs merge tracking support" 1>&2
   exit 1
fi

Regards,
Blair

-- 
Blair Zajac, Ph.D.
<blair@orcaware.com>
Subversion training, consulting and support
http://www.orcaware.com/svn/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org