Re: svnadmin create and not being method agnostic

From: Stefan Sperling <stsp_at_elego.de>
Date: Mon, 3 Jan 2011 14:19:43 +0100

On Sat, Jan 01, 2011 at 10:29:22PM -0500, Nico Kadel-Garcia wrote:
> You've just made my point that it should be automated upstream.

Instead of riding on the obvious shortcomings of a two-line shell
script I was using to badly illustrate an idea, why don't you spend
time writing up a "Setting up Subversion securely" article?
I think you do have the knowledge to do that.
And it would benefit users a lot because we could improve the
documentation based on it.

> And that's fair. Here's a very lightweight, testable, and reverse
> compatible change that would notably improve security models going
> forward. Enjoy.

You have been glossing over one open issue I see with your proposal,
which I have mentioned before:

What if users run svnserve like this:
svnserve --config-file /etc/svnserve.conf
Should we then still require an svnserve.conf file to be present
in each repository? Even if this svnserve.conf is not used?
Note that per-repos configs do not override the global ones (and we
can't change that), so there's potential for confusion about where
settings actually come from.

I'd rather use a separate marker file (like the git-daemon-export-ok file
in git), but we cannot use a new marker file because of backwards compat.
Received on 2011-01-03 14:20:38 CET

This message: [ Message body ]
Next message: Stefan Sperling: "Re: svnadmin create and not being method agnostic"
Previous message: Torsten Krah: "svnadmin: Can't write to stream: File too large"
In reply to: Nico Kadel-Garcia: "Re: svnadmin create and not being method agnostic"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]