[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: merge tracking: rejecting commits from svn clients < 1.5

From: Daniel Rall <dlr_at_collab.net>
Date: 2007-02-13 02:18:12 CET

On Mon, 12 Feb 2007, John Peacock wrote:

> Blair Zajac wrote:
> > With mod_dav_svn, I guess we can get the client version string and use
> > that? Would the easy way be to reject commits at the Apache level and
> > parse the client's name?
> >
> > But what about file:/// or svn:// access?

Was this in response to my recent addition to the func spec?

I tend to agree...

> file:/// access is, pretty much by default, not something that you would want to
> allow any sort of public access. svn:// is only slightly better, from a
> security standpoint. I don't think it is *too* much of a loss if we only
> provided a way to block back-rev'd client access under Apache.

We could do some type of client capabilities detection, and pass that
on to the hook scripts via a new parameter or environment variable.
Client capabilities aren't easily detectable in a mod_dav_svn
environment, however...

  • application/pgp-signature attachment: stored
Received on Tue Feb 13 02:18:28 2007

This is an archived mail posted to the Subversion Dev mailing list.