RE: Bikeshed: configuration override order
From: Bob Archer <Bob.Archer_at_amsi.com>
Date: Tue, 10 Aug 2010 13:25:45 -0400
> > Summary...
This is why I am trying to say it needs to be a two layer configuration. The settings on the server are enforced before anything is committed to the repo. The settings are also sent to the client (in some way) yes, to avoid that 5 minute or whatever wait. However I think shooting for client enforcement and trusting the client isn't something svn should rely on.
It is similar to writing a web app where you have client side validation/sanitation... but you still ALWAYS duplicate that validation/sanitation on the server... because you really have no way to trust that someone isn't posting bad data to your server/services using a client that isn't the one you provided.
I think the same approach has to be taken here. The server side config is provided to the client as a convenience but it is always enforced on the server (without the need to write scripts) because you can't always trust the client to be using or respecting "forced" repository configuration.
This is an archived mail posted to the Subversion Dev mailing list.