[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Is our revprop auth policy too strict?

From: Garance A Drosihn <drosih_at_rpi.edu>
Date: 2007-05-21 19:47:43 CEST

At 6:05 AM -0400 5/21/07, Michael Sinz wrote:
>I wonder if this is correct. Just because you can see part of the commit
>information, does that mean it is safe or correct to be able to change it?
>Given that the user can not access all of the commit information, I would
>think it is improper to allow changes to even those values that can be seen.
>After all, it may be very incorrect.

As I understand it, the debate is what behavior subversion should allow
by default. I think it makes the most sense to leave the default as it
is, because the owner of any repository can provide wider access if they
believe that is appropriate.

Remember that revision properties are not themselves versioned, so if
some user changes a revision property, then there is no way of knowing
what the original ("correct") value was.

If you have a repository with a lot of committers, and if they really
should have access to the revision properties, then they can go to the
admin of that repo and say "Hey, I need access". Thus the admin will
make the explicit decision whether they want committers to have write
access to the revision properties.

If the default behavior of svn is changed such that committers have
write-access to all revision properties, then they can change those
properties in whatever way they want, and the admin of the repo may
never realize that it's happening. Given that the revision-properties
are not versioned, I personally think this is a bad thing.

>PS - even in the repositories where we have this tight security, I
>have not seen even one commit that crosses boundaries. This is, most
>likely, due to the fact that very few people have rights across
>boundaries, but even those that do have never caused such a commit.

If everyone has access to revision-properties, then I think they'll be
more inclined to make changes, and more likely to make changes which
are mistakes. Really, if 95% of your committers have no ability to
modify the revision properties, then you cannot consider it significant
that they haven't made an inappropriate change. Even the 5% who do
have access will realize that these are important properties that
they shouldn't be changing on a whim, and thus they will be more
careful about what they do with them.

And if you are only giving access to a few developers, then which
developers are you giving access to? The senior developers who have
already proved themselves, or the junior hot-shot freshman college
student developers who think they know everything about programming,
but in fact know nothing about working as part of a large group of

The whole idea of a repository is to accurately track the history of
a given project. You give people commit access, because even if they
totally screwup the commit, you can always find out what the state of
the project was before the mistake was committed. As long as revision
properties are not versioned, then a mistake made when changing a
property will forever lose some small detail of history for the project.

Garance Alistair Drosehn            =   gad@gilead.netel.rpi.edu
Senior Systems Programmer           or  gad@freebsd.org
Rensselaer Polytechnic Institute    or  drosih@rpi.edu
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon May 21 19:47:57 2007

This is an archived mail posted to the Subversion Dev mailing list.