I think it's safe to say that the solution -- if one is to be found --
either lies in Apache (not in Subversion), or requires a rearchitecting of
Subversion significant enough as to be one of those
vast-cast-for-little-gain things.
My recommendation for those admins able to do such a thing is that they
allow anonymous, read-only access to repositories over http://, and require
authentication for all access to repositories via https://. Google Code
uses this principle, and I think it was a wise decision on their part to do so.
Omry Yadan wrote:
> is it safe to assume no one cares about this bug?
>
>
> Omry Yadan wrote:
>
>> C. Michael Pilato wrote:
>>
>>> Omry Yadan wrote:
>>>> are there any plans to fix this problem?
>>>> looks like it's a real time waster for many people, as the book does
>>>> not even hint such a common (required) setup is impossible without
>>>> special tricks.
>>>
>>> I doubt it. I'm not sure that its within Subversion's reach to fix.
>>> It's rather a quirk of Apache's authn/authz model. (But you're right
>>> -- the book probably should address this common question.)
>>>
>> What if the client sends the authentication credentials anyway (if
>> they are available or if the user specifies them in the command line),
>> and webdav is tweaked to authenticate the client in such case even if
>> resource does not required authentication?
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
>> For additional commands, e-mail: dev-help_at_subversion.tigris.org
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
> For additional commands, e-mail: dev-help_at_subversion.tigris.org
>
--
C. Michael Pilato <cmpilato_at_collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Received on 2008-07-18 17:35:57 CEST