Re: Autoexpanding ZIP archives?

Hadmut Danisch wrote:
> On Wed, Dec 07, 2005 at 01:01:40PM -0500, John Peacock wrote:
>> 1) security;
>> 4) did I mention security?
>
> I think so. But as a person who mainly works in the field of security
> for about 15 years, I do not yet see why such transformations should
> directly imply security problems. Of course, poorly implemented
> scripts could, but that's not an argument.

The issue is that if the Subversion project supports client side
scripting then it is inherent in any such scheme that Subversion is
dependent on the various repository administrators to write competent
code and distribute it to their users.

I have to agree with the consensus opinion of the Subversion developers
that client side scripting is not likely to come about without a great
deal of consideration and planning. At the very least, server-mediated
configuration files (which would typically be used to distribute
something like client scripts) would have to be functional before any
design for client-side hooks could be considered.

And, as Greg points out, there are serious security issues outside of
just the scope of how well written any client scripting may be. Any
solution must permit the client code to ignore the server-provided
scripts. Plus there is the argument over whether to embed Python, Java,
or Perl in the Subversion client. ;)

John

-- 
John Peacock
Director of Information Research and Technology
Rowman & Littlefield Publishing Group
4501 Forbes Boulevard
Suite H
Lanham, MD  20706
301-459-3366 x.5010
fax 301-429-5748
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org