Re: SV: Re: SV: Re: SV: Re: Integration with Bugtracking Systems / Issue trackers

From: <sverhagen_at_wps-nl.com>
Date: 2006-08-25 13:14:32 CEST

> The second line must not be optional. A button caption is
> mandatory - otherwise we'd have to name the button '1',
> '2' or '3' :)

I was actually thinking of making some sort of default that could be what
you describe. The result would be that people in most cases actually WILL
fill out the second line, but fair enough, let's just make it illegal not
to enter that second line.

> Ok. Suppose an open source project decides to use this
> feature. I join the project, upload some malicious executable
> to the repository* and changes the tsvn:linkedapp:x-property
> to point to the evil exe.

Agreed. The security is an issue I did not address. How about asking the
user on first use if he/she agrees on running the file or opening the web
page?
If we would be asking this kind of confirmation, does Tortoise have a
system in place for persisting such user preferences?

Are all the properties persisted server-side, otherwise this one would
possibly be a candidate not to be, based on these security concerns.

> Where do you want to get the username and password from? Yes,
> Subversion stores them if you ask it to, but there's no way to
> find the right one without contacting the repository first -
> and that's something I won't allow in the commit dialog.

Does this mean I won't have the password available every time, or just when
a user did not yet previously save the password in Tortoise?
If that's the case I'll be forced to have my companion software to store
its own password settings.

How is it the case, like you say, that Subversion stores the password?
Isn't it Tortoise? Because I am not actively running any client software
from Subversion (apart from Tortoise, I mean).

Did you think about any possible additional escape characters?

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Aug 25 13:14:46 2006

This message: [ Message body ]
Next message: sverhagen_at_wps-nl.com: "Re: Tortoise SVN Worldwide Usage"
Previous message: Stefan Küng: "Re: Tortoise SVN Worldwide Usage"
In reply to: Stefan Küng: "Re: SV: Re: SV: Re: SV: Re: Integration with Bugtracking Systems / Issue trackers"
Next in thread: Stefan Küng: "Re: SV: Re: SV: Re: SV: Re: Integration with Bugtracking Systems / Issue trackers"
Reply: Stefan Küng: "Re: SV: Re: SV: Re: SV: Re: Integration with Bugtracking Systems / Issue trackers"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]