Re: merge tracking: rejecting commits from svn clients < 1.5

From: Daniel Rall <dlr_at_collab.net>
Date: 2007-02-13 02:18:12 CET

On Mon, 12 Feb 2007, John Peacock wrote:

> Blair Zajac wrote:
> > With mod_dav_svn, I guess we can get the client version string and use
> > that? Would the easy way be to reject commits at the Apache level and
> > parse the client's name?
> >
> > But what about file:/// or svn:// access?

Was this in response to my recent addition to the func spec?
http://subversion.tigris.org/merge-tracking/func-spec.html#migration-and-interoperability

I tend to agree...

> file:/// access is, pretty much by default, not something that you would want to
> allow any sort of public access. svn:// is only slightly better, from a
> security standpoint. I don't think it is *too* much of a loss if we only
> provided a way to block back-rev'd client access under Apache.

We could do some type of client capabilities detection, and pass that
on to the hook scripts via a new parameter or environment variable.
Client capabilities aren't easily detectable in a mod_dav_svn
environment, however...

application/pgp-signature attachment: stored

Received on Tue Feb 13 02:18:28 2007

This message: [ Message body ]
Next message: Blair Zajac: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Previous message: John Peacock: "Re: merge tracking: rejecting commits from svn clients < 1.5"
In reply to: John Peacock: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Next in thread: Blair Zajac: "Re: merge tracking: rejecting commits from svn clients < 1.5"
Reply: Blair Zajac: "Re: merge tracking: rejecting commits from svn clients < 1.5"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]