On Oct 20, 2004, at 5:12 PM, Ed Swierk wrote:
> On Wed, 20 Oct 2004, Ben Collins-Sussman wrote:
>
>> There's no known workaround. For every revision returned by 'svn log',
>> the server now needs to inspect the changed-paths in the revision and
>> decide how many are readable. Based on the answer to that question,
>> the server then decides how much information to send about the
>> revision: whether or not it's okay to send any of {date, author,
>> log-message} and how many of the changed-paths can be revealed.
>> That's what the security fix is all about.
>
> I can see how checking all of the revision's changed-paths is necessary
> for svn log -v, but why is it needed in the simpler case for only a
> single file's history (no -v)?

Take a read of this:

http://svn.collab.net/repos/svn/trunk/notes/authz_policy.txt

If a revision was committed to an area that affected nothing but
unreadable paths, then the whole log message is suppressed. So is the
author and date. You see nothing but the revnum. So whether or not
you pass the -v flag is irrelevant.
>
> Getting back to possible workarounds: is there some way to configure
> the timeout before a client gives up on a slow operation?

Sure, look in the ~/.subversion/servers file, there's a timeout
variable.
Received on Thu Oct 21 01:59:22 2004
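
The per-revision decision described in the message above, modelled as an added Python example (not Subversion's code and not part of the original thread). The names `Revision`, `LogEntry`, `filter_log_entry`, `can_read` and the sample paths are hypothetical; the handling of partially readable revisions (author and date sent, log message withheld) and of revisions with no changed paths is this example's assumption about the policy in authz_policy.txt.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional

@dataclass
class Revision:            # hypothetical stand-in for a stored revision
    revnum: int
    author: str
    date: str
    message: str
    changed_paths: List[str]

@dataclass
class LogEntry:            # what the server would send for one revision
    revnum: int
    author: Optional[str] = None
    date: Optional[str] = None
    message: Optional[str] = None
    changed_paths: Optional[List[str]] = None   # filled only for -v

def filter_log_entry(rev: Revision, can_read: Callable[[str], bool],
                     verbose: bool = False) -> LogEntry:
    # The readability check runs for every revision, with or without -v.
    readable = [p for p in rev.changed_paths if can_read(p)]
    if rev.changed_paths and not readable:
        return LogEntry(rev.revnum)              # nothing but the revnum
    entry = LogEntry(rev.revnum, author=rev.author, date=rev.date)
    if len(readable) == len(rev.changed_paths):
        entry.message = rev.message              # fully readable (or empty: assumption)
    # Assumption: partially readable keeps author/date, withholds the message.
    if verbose:
        entry.changed_paths = readable           # unreadable paths never listed
    return entry

# Constructed sample history and a constructed authz rule.
HISTORY = [
    Revision(1, "alice", "2004-10-01", "add README", ["/trunk/README"]),
    Revision(2, "bob", "2004-10-02", "rotate key",
             ["/trunk/secret/key.pem"]),
    Revision(3, "carol", "2004-10-03", "bump key and docs",
             ["/trunk/README", "/trunk/secret/key.pem"]),
]

def can_read(path: str) -> bool:
    return not path.startswith("/trunk/secret/")

def run_log(verbose: bool = False) -> List[LogEntry]:
    return [filter_log_entry(r, can_read, verbose) for r in HISTORY]
```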