[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is our revprop auth policy too strict?

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: 2007-05-21 16:22:15 CEST

Malcolm Rowe wrote:
> On Mon, May 21, 2007 at 09:34:45AM -0400, C. Michael Pilato wrote:
>> Also, I can't conceive of any real harm in letting someone tweak the author
>> or date of a partially-accessible revision. Okay, maybe if there's some
>> custom script in place that emails committers weekly the full log messages
>> of all the commits they made that week ("Subject: What You Did Last Week"),
>> this would let someone claim a revision that wasn't his and possibly see
>> privileged svn:log information when that email hits. But I think that's a
>> stretch.
> You're right, that seems unlikely.
> Given that we already have revprop change hooks, aren't you actually
> asking: "should Subversion force a read-only policy for the partial
> access case"? And given that, I'd say the answer is emphatically not:
> there are some policies that are worth enforcing in the core, but this
> doesn't seem like one of them - let the hook dictate the policy, it's
> what it's there for.

Sorry to be annoying, but are you advocating a staged write access in the
core that matches our staged read access -- the "if you can see it, you can
change it" policy? Or are you saying we should leave all write-blocking to
the hooks?

> (Now, if you want to make a case that the hook should have an easy way
> to _detect_ this partial-access case, I completely agree, but that's a
> different discussion...)

Oh, I've already got a patch ready for commit that does the easy-detection
(for scripts that use the APIs/bindings. :-) That's no sweat.

C. Michael Pilato <cmpilato@collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on Mon May 21 16:22:22 2007

This is an archived mail posted to the Subversion Dev mailing list.