Ben Reser <ben@reser.org> wrote on 10/04/2004 07:30:35 PM:
>
> Is it really that bad? If it was that bad why did we get 1.1.0 out
> without anyone raising the alarm bells? When this ls issue was brought
> up to us on 1.1.0 release day, it was presented as a minor slow down.
> Now it makes the software unusable...
Yes, it is "that bad". Read what Tobias posted when he began this thread:
-- quote
The security fixes introduced in 1.0.8 and 1.1.0-rc4 made RA->get_dir
(and therefore "svn ls") over ra_dav "glacially slow" (as someone
described it on users@). For a simple test case of mine, an ls of 412
files that used to take 1.5 s now took around six minutes, i.e. it's 240
times slower, but it could be a lot slower still depending on the
circumstances. This is a showstopper performance regression for many
users.
-- end quote
Why did 1.1 "get out"? Well, how long was RC4 soaked? Also, when RC4 was
created
it was well known that 1.1 release was coming soon. So "users", like
myself, just
waited for the release.
> We don't consider DoS issues security issues. We had a long debate
> about this on the security list. It'll always be possible to DoS a
> machine because the machine has limited resources...
Wasn't one of the first security patches in the 1.0.x release to fix a
potential DoS
in svnserve?
> No my philosophy on 1.0.9 as of 1.0.8 was to touch it only for the
> follow reasons:
>
> * Security fixes (DoS doesn't count see above).
> * Dataloss issues.
Fair enough, but in hindsight this was probably a faulty patch for the
security problem.
Yes, it fixed it, but it introduced a major performance regression.
Personally, I have
no objection to a 2 week wait for a 1.1.1, but it would be nice to see
some "momentum" pick up
around organizing that release. That is, assuming the reason to wait is
to get some other
patches into the release, perhaps some kind of call to start nominating
those patches could begin
soon so that you have time to gather the necessary review and votes in
STATUS?
Mark
_____________________________________________________________________________
Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.
_____________________________________________________________________________
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 5 02:47:58 2004