[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: We need to release 1.0.9 and 1.1.1 with r11211 ASAP

From: Mark Phippard <MarkP_at_softlanding.com>
Date: 2004-10-05 02:47:33 CEST

Ben Reser <ben@reser.org> wrote on 10/04/2004 07:30:35 PM:
> Is it really that bad? If it was that bad why did we get 1.1.0 out
> without anyone raising the alarm bells? When this ls issue was brought
> up to us on 1.1.0 release day, it was presented as a minor slow down.
> Now it makes the software unusable...

Yes, it is "that bad". Read what Tobias posted when he began this thread:

-- quote
 The security fixes introduced in 1.0.8 and 1.1.0-rc4 made RA->get_dir
 (and therefore "svn ls") over ra_dav "glacially slow" (as someone
 described it on users@). For a simple test case of mine, an ls of 412
 files that used to take 1.5 s now took around six minutes, i.e. it's 240
 times slower, but it could be a lot slower still depending on the
 circumstances. This is a showstopper performance regression for many
-- end quote

Why did 1.1 "get out"? Well, how long was RC4 soaked? Also, when RC4 was
it was well known that 1.1 release was coming soon. So "users", like
myself, just
waited for the release.

> We don't consider DoS issues security issues. We had a long debate
> about this on the security list. It'll always be possible to DoS a
> machine because the machine has limited resources...

Wasn't one of the first security patches in the 1.0.x release to fix a
potential DoS
in svnserve?

> No my philosophy on 1.0.9 as of 1.0.8 was to touch it only for the
> follow reasons:
> * Security fixes (DoS doesn't count see above).
> * Dataloss issues.

Fair enough, but in hindsight this was probably a faulty patch for the
security problem.
Yes, it fixed it, but it introduced a major performance regression.
Personally, I have
no objection to a 2 week wait for a 1.1.1, but it would be nice to see
some "momentum" pick up
around organizing that release. That is, assuming the reason to wait is
to get some other
patches into the release, perhaps some kind of call to start nominating
those patches could begin
soon so that you have time to gather the necessary review and votes in


Scanned for SoftLanding Systems, Inc. by IBM Email Security Management Services powered by MessageLabs.

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Oct 5 02:47:58 2004

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.