[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Rejecting commits to a 1.5 server from clients < 1.5

From: Daniel Rall <dlr_at_collab.net>
Date: 2007-10-24 00:45:14 CEST

On Tue, 23 Oct 2007, Blair Zajac wrote:

> Daniel Rall wrote:
> >The point I was trying to make is about how we advertise this
> >behavior.
> >
> >We need to be very clear that we're _not doing access control_ here,
> >so those looking for guaranteed protection from malicious users
> >shouldn't rely on this facility for it. What we're doing is providing
> >a nicety that'll keep 99% of the user base from shooting themselves in
> >the foot, regardless of the fact that we're providing no real
> >security.
> Good point. But I wasn't even really thinking about this in a security
> context, just a capability context. Do we want to conflate the two?

I don't want to. But, in this particular case, it's easy for users to
make that mistake.

> Also, should we open a ticket with a 1.5 milestone for this?

It'd certainly be far less valuable to put this into a 1.5.x point
release, where x > 0. But, we're not making much progress towards
converging the issue trend towards zero...

  • application/pgp-signature attachment: stored
Received on Wed Oct 24 00:45:22 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.