Re: RFC: Subversion security model in need of update

From: Mark Phippard <markphip_at_gmail.com>
Date: Thu, 12 Mar 2009 14:31:47 -0400

On Thu, Mar 12, 2009 at 2:18 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
> Mark Phippard wrote:
>> On Thu, Mar 12, 2009 at 1:39 PM, C. Michael Pilato <cmpilato_at_collab.net> wrote:
>>> Ben Collins-Sussman wrote:
>>>> This is the *best* explanation I've ever seen of the problem.  Mucho
>>>> applause!  So much easier to understand.  I agree with everything you
>>>> said.
>>>>
>>>> I don't have any brilliant ideas about the 2 showstoppers right now,
>>>> but it's great to have it all laid out like this.
>>> I've filed issue #3380 for tracking the necessary overhaul, and will toss an
>>> item into tasks.html for this.
>>
>> Changing the security model seems relatively straightforward and I
>> imagine the only real barrier to just doing it is that the current WC
>> leaks too much information in the entries file.  So what exactly is
>> the RFC about?  Ideas about how to make the WC less leaky?  Whether
>> the current leakage is OK?  or something else?
>
> Well, I'd certainly like to solve the leakage problem, but gstein has me
> convinced that that's not really possible.  The RFC was mostly aimed at
> changing the security model.  And lo and behold, you commented on that very
> thing!

I am not really sure what I think about the leakage. I've never
worked in an environment where we tried to hide the existence of
stuff. Deny write access, sure, or deny any access at all to entire
repos, sure. But never the "you can see this but not that" model. So
it is hard to know what people that want that sort of environment care
about.

I can say that I'd really, really like the ViewVC "browse" model to
work in TortoiseSVN, Subclipse etc. So that you could browse from the
root of the repos down to your area.

-- 
Thanks
Mark Phippard
http://markphip.blogspot.com/
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=1313900
Received on 2009-03-12 19:32:22 CET

This is an archived mail posted to the Subversion Dev mailing list.