[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

[TSVN] Re: TortoiseSVN - FAQ

From: Simon Large <slarge_at_blazepoint.co.uk>
Date: 2004-11-05 17:49:36 CET

steffen.sprung wrote:
> We must control:
> -> the source-code which the user would like to use
> -> and the source-code which is in the database
> If wee generate a 'Signature' of a Souce.File (we can use
> PGP+CommandLine), these allow us to verify their authenticity, their
> origin, but equally to assure itself that the Souce.File is intact
> (control of the integrity).

I believe the integrity of the files is already verified by subversion
using MD5 checksums. I am not absolutely sure on this - can someone help
me out here?

As for authenticity, don't you trust the security features of Apache or
SSL to prevent unauthorized persons committing to your repository? How
else would a bogus file get there?

> * The 'Signature' of a Souce.File must be generate of the Client side,
> because the Private-Key's are local !

You have asked for Commit and Checkout hooks. What about Update, Switch,
Import, Export, etc?

> => The attached picture demonstrates our idea.

You have just sent me a 1.8MB uncompressed bmp file. Don't do that
again. If you must send pictures, please use gif, jpg or png if you hope
to get any answers from this list.

If I am translating correctly from French, you show merging taking place
on the server. That does not happen in subversion. Merging is a client
side operation.

Everything I have seen so far suggests that you have not really
understood how subversion works. I think you need to find out a lot more
before you start asking for new features.


To unsubscribe, e-mail: dev-unsubscribe@tortoisesvn.tigris.org
For additional commands, e-mail: dev-help@tortoisesvn.tigris.org
Received on Fri Nov 5 18:05:03 2004

This is an archived mail posted to the TortoiseSVN Dev mailing list.