On 12.07.2013 15:08, Stefan Sperling wrote:
> On Fri, Jul 12, 2013 at 02:50:26PM +0200, Branko Čibej wrote:
>
> I am strongly against the idea of adding LDAP support to mod_authz_svn.
> There is already a mod_ldap, it doesn't make sense to duplicate
> functionality. If mod_ldap has performance problems -- well then, that's
> the place to solve them. It's open source after all.
> I think you misread what we were saying. mod_ldap caches ldap replies,
> and should perform better than the proposed patch, which does no caching.
Ah, I did indeed misread, sorry.
>> Adding /group/ support to mod_authz_svn is completely orthogonal to
>> LDAP. Let's not mix the two issues. And frankly, I'd rather spend time
>> adding proper group- and role-based authorization to the repository than
>> heaping more stuff onto the current config-file-based authz layer.
> Please, let's not tie the "we need a new filesystem" discussion into
> this tiny feature addition that solves someones problem.
Well, I disagree that it's a tiny feature. It seems to me that it's a
quite significant addition to the way we process authz rules, at the
very least it's a significant user-visible change that affects both
performance and backwards compatibility, so it merits a design
discussion on this list. The fact that the dependency coupling and
layering violation in the original patch didn't raise a whole lot more
objections frankly scares me.
(And I would've chimed in earlier and spent more time reviewing if I
wasn't supposed to be offline on vacation right now.)
-- Brane
--
Branko Čibej | Director of Subversion
WANdisco // Non-Stop Data
e. brane_at_wandisco.com
Received on 2013-07-12 15:22:21 CEST