[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: 1.3.0-rc4 tarballs up for testing/signing

From: Peter N. Lundblad <peter_at_famlundblad.se>
Date: 2005-11-23 13:38:33 CET

On Wed, 23 Nov 2005, Peter N. Lundblad wrote:

> On Wed, 23 Nov 2005, Erik Huelsmann wrote:
>
> > On 11/23/05, David Anderson <david.anderson@calixo.net> wrote:
> > kfogel@collab.net wrote:
> > > David, FWIW I did my usual comparison of the tarball source with the
> > > 1.3.x tree. There were 27,192 lines of differences
> >
Interesting. I unpacked the tarball, exported the tag and ran diff -u on
it. It gives the following:

Common subdirectories: subversion-1.3.0-rc4/ac-helpers and exported/ac-helpers
Only in subversion-1.3.0-rc4: apr
Only in subversion-1.3.0-rc4: apr-util
Common subdirectories: subversion-1.3.0-rc4/build and exported/build
Only in subversion-1.3.0-rc4: build-outputs.mk
Only in subversion-1.3.0-rc4: ChangeLog.CVS
Only in subversion-1.3.0-rc4: configure
Common subdirectories: subversion-1.3.0-rc4/contrib and exported/contrib
Common subdirectories: subversion-1.3.0-rc4/doc and exported/doc
Only in subversion-1.3.0-rc4: gen-make.opts
diff -u subversion-1.3.0-rc4/INSTALL exported/INSTALL
--- subversion-1.3.0-rc4/INSTALL 2005-10-24 18:34:22.000000000 +0200
+++ exported/INSTALL 2005-10-24 18:34:22.794990000 +0200
@@ -3,7 +3,7 @@
                           A Quick Guide
                ======================================

-$LastChangedDate: 2005-10-24 18:34:22 +0200 (lun, 24 oct 2005) $
+$LastChangedDate: 2005-10-24 18:34:22 +0200 (mån, 24 okt 2005) $

 Contents:
Only in subversion-1.3.0-rc4: neon
Common subdirectories: subversion-1.3.0-rc4/notes and exported/notes
Common subdirectories: subversion-1.3.0-rc4/packages and exported/packages
diff -u subversion-1.3.0-rc4/README exported/README
--- subversion-1.3.0-rc4/README 2005-09-09 18:03:59.000000000 +0200
+++ exported/README 2005-09-09 18:03:59.923172000 +0200
@@ -2,7 +2,7 @@
                Subversion, a version control system.
                =====================================

-$LastChangedDate: 2005-09-09 18:03:59 +0200 (ven, 09 sep 2005) $
+$LastChangedDate: 2005-09-09 18:03:59 +0200 (fre, 09 sep 2005) $

 Contents:

Common subdirectories: subversion-1.3.0-rc4/subversion and exported/subversion
Only in subversion-1.3.0-rc4: subversion_msvc.dsw
Common subdirectories: subversion-1.3.0-rc4/tools and exported/tools
diff -u subversion-1.3.0-rc4/TRANSLATING exported/TRANSLATING
--- subversion-1.3.0-rc4/TRANSLATING 2005-09-05 20:54:50.000000000 +0200
+++ exported/TRANSLATING 2005-09-05 20:54:50.917764000 +0200
@@ -7,7 +7,7 @@
                    Guide to translating Subversion
                    ===============================

-$LastChangedDate: 2005-09-05 20:54:50 +0200 (lun, 05 sep 2005) $
+$LastChangedDate: 2005-09-05 20:54:50 +0200 (mån, 05 sep 2005) $

 * Introduction
 * Software version requirements
Common subdirectories: subversion-1.3.0-rc4/www and exported/www

As Erik suggests, we have a few places with keyword expansion (but not
27000 lines...). The rest is added generated files and dependencies.

But this does of course not buy us any "security", since Dave could well
trojan neon or APR:-) But it might catch some stupid mistakes.

IF we want to protect against a malicous RM, we need to repeat the exact
steps to create the tarballs and then compare the output. But... well...
do we really need that level of paranoia?

(BTW, dave, looking at the expanded keywords, you seem to have used a
non-English locale when exporting. YOu might want to change that for the
final release. This is just for weekday names, so it is so minor that my
fingers start hurting when I write this paragraph...)

Regards,
//Peter

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Nov 23 13:39:44 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.