[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Rejecting commits to a 1.5 server from clients < 1.5

From: Blair Zajac <blair_at_orcaware.com>
Date: 2007-10-24 01:08:33 CEST

Daniel Rall wrote:
> On Tue, 23 Oct 2007, Blair Zajac wrote:
>> Daniel Rall wrote:
> ...
>>> The point I was trying to make is about how we advertise this
>>> behavior.
>>> We need to be very clear that we're _not doing access control_ here,
>>> so those looking for guaranteed protection from malicious users
>>> shouldn't rely on this facility for it. What we're doing is providing
>>> a nicety that'll keep 99% of the user base from shooting themselves in
>>> the foot, regardless of the fact that we're providing no real
>>> security.
>> Good point. But I wasn't even really thinking about this in a security
>> context, just a capability context. Do we want to conflate the two?
> I don't want to. But, in this particular case, it's easy for users to
> make that mistake.
>> Also, should we open a ticket with a 1.5 milestone for this?
> It'd certainly be far less valuable to put this into a 1.5.x point
> release, where x > 0. But, we're not making much progress towards
> converging the issue trend towards zero...

<glass half full>
Well, I don't know. I just looked and there's 16 open tickets for 1.5, out of a
total of 174 tickets with the 1.5 milestone, so that looks pretty good, only
~10% left.
</glass half full>

Most are with merge tracking, so I guess that'll take a bit longer. This work
could definitely be done concurrently.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 24 01:08:52 2007

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.