Re: Support character classes in glob authz rules
From: Julian Foad <julianfoad_at_apache.org>
Date: Mon, 03 Dec 2018 08:15:24 +0000
Branko Čibej wrote:
Glad to see a proposal.
It makes me uncomfortable to depart from standard parsing. What if users are relying on Python ConfigParser or other compatible parsing as part of their Subversion authz infrastructure?
First I wondered if anything bad could happen if there's a silent change in meaning where a user has written, let's say,
> [:glob:/**/secret1] # was [:glob:/**/secret2]
It's hard to find any plausible example that would successfully parse and actually match something, but may be possible.
> The proposed change in the parser is only enabled for parsing authz and
These sorts of quirks tend to make a system hard to maintain in the long run. What if we find another case where we'd like to depart from that parsing? How far would we go?
What alternative solution could we consider?
This is an archived mail posted to the Subversion Dev mailing list.