[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.2 features: svn ls

From: John Szakmeister <john_at_szakmeister.net>
Date: 2005-03-09 22:46:58 CET

On Wednesday 09 March 2005 15:03, John Peacock wrote:
> John Szakmeister wrote:
> > However, we have other
> > ongoing projects that they aren't even allowed to know exist.
>
> Just to inject a little sanity here: creating a SVNParentPath-like
> feature in svnserve would be optional, just like the mod_dav_svn
> version. If you don't want to enumerate the individual repositories
> under the parent directory, you don't enable that option.

To be honest, we don't use svnserve right now because of the lack of path
authorization. However, that said, if we can still require
authentication to get the listing, and moreover, be able to filter out
any repositories that a person doesn't have access to, then it would be
more useful. My main point was providing an argument as to why just
blatantly listing the repositories isn't an acceptable behavior. :-)

> One problem from the standpoint of doing this with svnserve is that
> there isn't a single configuration file for svnserve to consult, like
> there is when running under Apache (each repository has its own). You
> could certainly add a commandline option to svnserve to trigger this
> behavior, but there are going to be people who want to password-protect
> even the listing of the repositories. I suppose that could be dealt
> with by having a svnserve.conf file located in the root directory with
> some appropriate stanzas.
>
> FWIW, I would like to have this feature available. I use a tunneled
> svn session to what are actually SVK repositories (Subversion plus
> custom properties) so I can have all of my config files and
> applications in a central location and check out copies on multiple
> servers. I prefer to use seperate repositories since it makes it
> really easy to mirror some remote project, make local changes, etc.
> Then later I can decide I'm not using that software anymore and just
> delete the repository (without needing to have the history around any
> more).

I can agree it's useful, I just want to make sure that the security
concerns (authorization and authentication) are thought about. :-)

-John

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Mar 9 22:51:54 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.