One thing I'd like to see resolved before 1.4 goes out the door is the
question about providing a way to limit access to replay
functionality. The argument is that replay and svnsync encourage
users to put a rather high amount of load on a system, so we should
provide users with a way to either turn it off, or hopefully just turn
it off for part of the system. For example you might want to limit
the ability to run replay over the entire repository to specific
users, but allow anyone interested to replay subsets of it (i.e. a
specific branch).
Note that replay is not the only thing vulnerable to this problem,
update can be just as dangerous if applied correctly. So ideally we'd
want some sort of system that lets us limit access to all sorts of
things, not just replay.
The last time I brought some of this up, I also posted an apache
module that allowed you to keep people from doing silly things like
checking out the root of the repository. This could fairly easily be
extended to support more things, like replay, but obviously it is
limited to mod_dav_svn servers, and a more generic approach would be
nice.
Alternatively, we could put hook scripts in place to allow users to
control such things. A pre-replay hook would allow you to keep people
from replaying large chunks of your repository, a pre-update hook
could stop checkouts of really big trees, etc. But do we really want
to be calling hook scripts for this sort of thing? Note that there is
some demand for this stuff, as a pre-checkout hook script patch has
been sent in already by one of our users.
Finally, we could bake support for this stuff right into libsvn_repos,
but I suspect such a thing would grow into a rather complex
undertaking due to the scope of the problem, and I'm not sure we want
to go there.
I'm not sure what the right solution is, but I'd like to come up with
an acceptable one before we branch 1.4.x. Personally at the moment
I'm leaning towards either hook scripts or a cleaned up version of my
apache module, but that's just me.
Thoughts?
-garrett
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sat Apr 8 02:28:29 2006