[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Re: Autoexpanding ZIP archives?

From: André Pönitz <andre_at_wasy.de>
Date: 2005-12-08 08:04:55 CET

> Are you arguing on this basis that the server should be able to tell the
> client to run arbitrary code? That's not acceptable. People use
> Subversion to version things other than source code, and by running "svn
> co" they aren't consenting to give the server full access to their
> client machines.

Maybe that's a decision that's not necessary to make for the
subversion developer but rather for the users.

If both the server and the client agree that scripting is ok,
so why should _you_ forbid it? Just because it might be not
a good idea if one of both does not agree?

It looks like a --allow-client-side-scripts-and-I-accept-
all-consequences-including-a-wiped-harddisk switch would
make a decent compromise.

I completely understand that such a feature is a considerable
task with possibly not much benefit for your own life, so you
(and other subversion developers) do not want to do that.

But if so, please try to make _that_ clear, and do not use
(no offense meant) made-up arguments on security.

I can assure you, that in the "Real World" people would be glad
to see that feature implemented and security issue would be
handled by a note saying "Don't do silly things". If at all.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Dec 8 08:11:15 2005

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.