
Re: Rejecting commits to a 1.5 server from clients < 1.5

From: Blair Zajac <blair_at_orcaware.com>
Date: 2007-10-23 23:19:44 CEST

Mark Phippard wrote:

>>> We need to be very clear that we're _not doing access control_ here,
>>> so those looking for guaranteed protection from malicious users
>>> shouldn't rely on this facility for it. What we're doing is providing
>>> a nicety that'll keep 99% of the user base from shooting themselves in
>>> the foot, regardless of the fact that we're providing no real
>>> security.
>> Good point. But I wasn't even really thinking about this in a security context,
>> just a capability context. Do we want to conflate the two?
>>
>> Also, should we open a ticket with a 1.5 milestone for this?
>
> If we advertise a way to block clients based on version, and people
> can get around it, some people will accept this and others will see it
> as a problem. I think Dan is just saying if we add something like
> this we probably need to be careful in how we describe it to make it
> clear.

OK. But one way to get people to see it as a problem is to put the word
security in there. It's not really a security issue anyway, at least in my
mind, it's more of a data completeness issue, after all, we're not stopping
people from using 1.4 clients against a 1.5 server.

Blair

Received on Tue Oct 23 23:20:01 2007

This is an archived mail posted to the Subversion Dev mailing list.
