[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Obliterate and auditability

From: Karl Fogel <kfogel_at_red-bean.com>
Date: Mon, 21 Apr 2008 11:44:51 -0400

"C. Michael Pilato" <cmpilato_at_collab.net> writes:
> Karl's obliterate-via-svnsync plan (in that he was the first to send
> dev-list email about this already-considered idea)

Whups, sorry; if I'd remembered prior discussions about this I would
have just pointed to them (or at least credited someone). I often
remember ideas without remembering their provenance -- this appears to
be one of those cases.

> seems like a good
> one; a fine way to finally answer this feature request which has been
> haunting us for years. I am in favor of seeing this feature happen,
> so I don't want to come across as an anti-obliterater. But I resonate
> with those who believe that auditability as a goal runs closer to the
> spirit of what a version control tool is than does the untraceable
> disposal of versioned data.

Huh. The "Make It Never Have Happened" use case has been part of our
obliterate discussions since the feature was first proposed, mentioned
in http://subversion.tigris.org/issues/show_bug.cgi?id=516#desc1 even.

The answer "people can use svndumpfilter" applies to most obliterate
cases. But my point is that if users are resorting to svndumpfilter to
do something, that must mean *they want to do it* -- so why should we
make them jump through hoops?

Of course auditability should be the default, and I'm not claiming that
removal of revisions is the common case (feedback indicates it is not).
But it's easy to implement along with everything else, so why not do it?
If we're telling people to use svndumpfilter, for something we could
easily give them in Subversion itself, that's silly: we should just give
it to them outright.

By the way, the argument that we shouldn't help users do illegal things
doesn't really hold up. We could just as easily make up an example
about an admin trying frantically to eliminate all evidence of a data
event before some repressive regime's police show up to seize the
servers and put everyone in jail. You really can't know in advance
whether you're going to morally approve of the uses of your software
(hence the clause about "no discrimination against fields of endeavor"
in the Open Source Definition and the Debian Free Software Guidelines).


To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org
Received on 2008-04-22 09:05:32 CEST

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.