Marc Singer <elf@buici.com> writes:
> 1) Obviously, a permissions check, if there is one, belongs in the
> filesystem driver.
>
> 2) The cost of the check is minimal. Stat'ing a dozen files is cheap
> because the OS caches the data. Subsequent access by BDB will open
> the same files using the cached data.
>
> 3) The expense of not performing it is kinda high when we see how
> often permissions problems plague users. If Subversion isn't easy
> to use then it won't be used. Admonishing people for failing to
> read the documentation is a poor sales pitch.
>
> 4) AFAICT, there is no fix to be made in svnadmin because this isn't
> really a setup issue. People change the way that they use
> their repositories. Sometimes that new behavior, while valid in
> concept, isn't well executed. It would be *way* helpful if the
> program let the user know more explicitly what the problem is.
>
> The HACKING guide suggests to me that the project bears the value of
> sturdy design:
>
> Input validation is the act of defining legal input and rejecting
> everything else. The code must perform input validation on all
> untrusted input.
>
> I asked the question to see if this has come up before. It appears
> that it hasn't.
Actually, I believe that it has, and it was rejected because there is no
logical mapping between UNIX fs permissions and Windows fs ACLs. I
recall the consensus being that it wasn't worth it to stuff in a whole
bunch of platform specific hoo-ha to accommodate this buglet.
-Fitz
--
Brian W. Fitzpatrick <fitz_at_red-bean.com> http://www.red-bean.com/fitz/
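As an added illustration of the pre-check Marc proposes and the portability objection Fitz raises, here is a small Python diagnostic that is not part of Subversion and not from either poster. It asks the operating system whether the current user can open each repository file (via `os.access`) instead of interpreting mode bits, which sidesteps the UNIX-permissions-versus-Windows-ACL mapping problem entirely. The file list under `db/` is an assumption made for the example, not the real set of BDB files, and the demo repository it builds is constructed throwaway data.

```python
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical set of repository files a server process would need to open.
# The thread does not enumerate the BDB files, so these names are assumed.
EXPECTED_FILES = [
    "db/DB_CONFIG",
    "db/changes",
    "db/nodes",
    "db/revisions",
    "db/transactions",
]


def check_repo_access(repo_root, need_write=True):
    """Return a list of (relative_path, problem) pairs for files the current
    user cannot use.

    os.access() defers to the OS's own access decision, so it reflects UNIX
    mode bits, Windows ACLs or the read-only attribute without the caller
    mapping between them.  Note that for root (or an Administrator with
    backup privilege) the OS will usually answer "yes" regardless, so a
    clean report from a privileged account says nothing about the
    unprivileged account that will actually run the server.
    """
    problems = []
    root = Path(repo_root)
    for rel in EXPECTED_FILES:
        path = root / rel
        if not path.exists():
            problems.append((rel, "missing"))
            continue
        if not os.access(path, os.R_OK):
            problems.append((rel, "not readable"))
        elif need_write and not os.access(path, os.W_OK):
            problems.append((rel, "not writable"))
    return problems


def make_demo_repo():
    """Build a constructed, throwaway repository layout that exhibits two of
    the classic complaints: one file left read-only (as if another user had
    written it with a restrictive umask) and one file missing entirely."""
    root = Path(tempfile.mkdtemp(prefix="svn-permcheck-"))
    (root / "db").mkdir()
    for rel in EXPECTED_FILES:
        (root / rel).write_text("constructed sample content\n")
    # Owner read-only: readable, but a write-needing operation would fail.
    os.chmod(root / "db" / "nodes", stat.S_IRUSR)
    # Simulate a file that was never created or was removed by hand.
    (root / "db" / "transactions").unlink()
    return root


def report(repo_root, need_write=True):
    """Human-readable version of the check, the 'tell the user explicitly
    what is wrong' behaviour the thread asks for."""
    problems = check_repo_access(repo_root, need_write)
    if not problems:
        return f"{repo_root}: all expected files accessible"
    lines = [f"{repo_root}: {len(problems)} problem(s) found"]
    for rel, why in problems:
        lines.append(f"  {rel}: {why}")
    return "\n".join(lines)


if __name__ == "__main__":
    demo = make_demo_repo()
    print(report(demo))
```

Running the script as an ordinary user prints the two problems in the constructed repository (`db/nodes: not writable`, `db/transactions: missing`); running it as root reports only the missing file, which is exactly the caveat in the docstring.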
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Sep 5 04:57:52 2003