Greg Hudson wrote:
> * Deprecate -u (believe unauthenticated username) and -R
> (read-only), and display a warning if they are used. Remove
> support for them after a few 0.xx Subversion releases.
I agree about deprecating -u, but deprecating -R might have
unanticipated issues. Specifically I'm thinking of the case where write
access only occurs vi svn+ssh, but an anonymous, read only svnserve is
run for other people to use. If I read your proposal correctly, there's
no way to tell the daemon mode server to be read only, while the
tunneled svnserve is read-write.
> * After the repository is selected, serve() looks for a file
> "svnserve.conf" in the repository directory. It understands:
>
> [general]
> believe-usernames = {true|false} # Default is false
> anon-access = {read|write|none} # Default is read
> auth-access = {read|write|none} # Default is write
>
> [users] # For CRAM-MD5 auth
> username = password
>
> While they still work, -u changes the default for
> believe-usernames to true, and -R changes the default for
> auth-access to read.
>
> * When a new repository is created, a template svnserve.conf is
> dropped in, just like we have sample hooks.
>
> Question: Should the default for anon-access be none, instead of read?
> There's something to be said for the theory that all access should be
> granted explicitly, never implicitly. But on the other hand, we are
> targeting open-source projects here. (Also, making the default none
> would present an immediate transition issue for svnserve users.)
I'd say default for anonymous access should be read, so that people can
at least get something to work out of the box without having to tweak
config options. If you're worried about access control, you should be
smart enough to read the docs and turn that off before starting your server.
> Question: When I (hopefully) add path-based auth support, do people
> think I should just fold it into this file, or should it be a separate
> file so that it can have exactly the same format as the mod_authz_svn
> control file?
I have no real opinion on this. Could go either way. It might be nice
to put it in a separate file and then we could make mod_authz_svn look
for that file in the repos by default... That might make it play nicer
with SVNParentPath for example.
-garrett
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 28 21:20:56 2003