Daniel Rall wrote:
> On Tue, 23 Oct 2007, Blair Zajac wrote:
>
>> Daniel Rall wrote:
> ...
>>> The point I was trying to make is about how we advertise this
>>> behavior.
>>>
>>> We need to be very clear that we're _not doing access control_ here,
>>> so those looking for guaranteed protection from malicious users
>>> shouldn't rely on this facility for it. What we're doing is providing
>>> a nicety that'll keep 99% of the user base from shooting themselves in
>>> the foot, regardless of the fact that we're providing no real
>>> security.
>> Good point. But I wasn't even really thinking about this in a security
>> context, just a capability context. Do we want to conflate the two?
>
> I don't want to. But, in this particular case, it's easy for users to
> make that mistake.
>
>> Also, should we open a ticket with a 1.5 milestone for this?
>
> It'd certainly be far less valuable to put this into a 1.5.x point
> release, where x > 0. But, we're not making much progress towards
> converging the issue trend towards zero...
<glass half full>
Well, I don't know. I just looked and there's 16 open tickets for 1.5, out of a
total of 174 tickets with the 1.5 milestone, so that looks pretty good, only
~10% left.
</glass half full>
Most are with merge tracking, so I guess that'll take a bit longer. This work
could definitely be done concurrently.
Blair
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 24 01:08:52 2007