Re: Is our revprop auth policy too strict?

Malcolm Rowe wrote:
> On Fri, May 18, 2007 at 04:09:04PM -0400, C. Michael Pilato wrote:
>> "partial" is treated just like "no" access -- in other words, the user can
>> read svn:author and svn:date, but can't change them. That seemed odd to me
>> (and to sussman, when I raise the question elsewhere).
>>
>> Is there a compelling reason to prevent a partial-access-granted user from
>> changing the two properties he's allowed to see?
>>
>
> Not that I can think of. +1 for symmetry.

I wonder if this is correct. Just because you can see part of the commit
information, does that mean it is safe or correct to be able to change it?
Given that the user can not access all of the commit information, I would
think it is improper to allow changes to even those values that can be seen.
After all, it may be very incorrect.

I would say that if you are doing this tight level of access control then
that a revision that a use does not have access to all elements of it should
be "read-only" by definition.

At least that is how I see this. I can not come up with a scenario where
someone who does not have rights to all of the revision should have any reason
or rights to change any part of the revprop - even those that they can see.

PS - even in the repositories where we have this tight security, I have not
seen even one commit that crosses boundaries. This is, most likely, due to
the fact that very few people have rights across boundaries, but even those
that do have never caused such a commit.

-- 
Michael Sinz                     Technology and Engineering Director/Consultant
"Starting Startups"                                mailto:michael.sinz@sinz.org
My place on the web                            http://www.sinz.org/Michael.Sinz
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org