On 14 nov 2012, at 11:53, Ivan Zhakov <ivan_at_visualsvn.com> wrote:
>>> Confirmed as far as my testing goes (did not test short_circuit). I suggest
>>> committing the patch with GET subrequest and potentially change all to
>>> HEAD in a separate commit if there is consensus.
>> Committed in r1408184.
> I have doubts about backporting this fix to 1.7.x.
> * This is a regression from 1.6.x: It was possible to restrict access
> to "Collection of Repositories" by controlling access to [/], while
> access to individual repositories was controlled by [repoN:/]. This
> might not have been by design, but still a very useful feature.
> * We already ported a similar fix to hide unreadable dirs to 1.6.x (r996884)
> * Security behavior changes in patches are not a good thing from my point of view
> Any opinions?
I think it makes sense to release in 1.8 (no backport). Provides a better opportunity to explain the change. Admins on 1.6 who cannot have open access to Collection of Repositories will have to skip 1.7.
I can try to draft something for the change notes, next week.
Received on 2012-11-14 23:39:14 CET