[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: merge tracking: rejecting commits from svn clients < 1.5

From: Blair Zajac <blair_at_orcaware.com>
Date: 2007-02-13 20:58:07 CET

John Peacock wrote:
> Blair Zajac wrote:
>> With mod_dav_svn, I guess we can get the client version string and use
>> that? Would the easy way be to reject commits at the Apache level and
>> parse the client's name?
>> But what about file:/// or svn:// access?
> file:/// access is, pretty much by default, not something that you would want to
> allow any sort of public access. svn:// is only slightly better, from a
> security standpoint. I don't think it is *too* much of a loss if we only
> provided a way to block back-rev'd client access under Apache.
> My 2 cents...
> John

I think we would still want to force a way for a pre-commit script to
reject a client using file:///.

I'm aware of a number of shops that set up a fsfs repository on a
Windows share and you can never tell when somebody will interact with
the repository with an older client.

So maybe the way of indicating to the client is to set a
SVN_CLIENT_CAPABILITIES environmental variable to a comma separated list
or however HTTP formats capabilities to clients to be consistent. A svn
1.5 client using file:/// would set this before running the start-commit
and pre-commit hooks. That way you could easily write a test:

echo $SVN_CLIENT_CAPABILITIES | grep merge-tracking >/dev/null
if test "$?" -ne 0; then
   echo "Your Subversion client needs merge tracking support" 1>&2
   exit 1


Blair Zajac, Ph.D.
Subversion training, consulting and support
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 13 20:58:33 2007

This is an archived mail posted to the Subversion Dev mailing list.