On 2004-11-05 15:24:37 -0500, Mark Phippard wrote:
> "Ray Johnson" <Rayj@ingenio.com> wrote on 11/05/2004 03:14:18 PM:
> > Well that explains why it is *so* slow. The initial revision is from we
> > imported the repository and has thousands of files in the revision. Is
> > there a way to "kill" a revision? If I could somehow get rid of
> > that initial revision things might not be so bad...
> > However, I still don't understand why it has to check every file in the
> > revision. I understand why would would want to if your doing a "svn log
> > -v" which also reports all the files of each revision. But if your not
> > using the -v option then only information about that file is returned.
> > So why does it need to verify the paths for all the other files?
> I imagine it is because it is viewed as a security hole to show you log
> information about a revision if there are ANY files committed in that
> revision to which you do not have read access.
> The authz module is very useful, it is a shame to do something like this
> which might make it unusable for a lot of people. I would like to see
> some new configuration directive that would allow svn log to be able to
> bypass these checks while retaining the rest of authz.
> I realize that many people need this level of security, regardless of the
> performance hit. So the current behavior probably should be the default.
> However, a lot of us just want to enforce read-only access to certain
> folders and certain users, and in some cases, we might want to remove read
> access to the contents of certain files. That does not mean that we care
> if someone can see the log info, especially at this price.
> None of this bodes well for a future ACL feature, if this is any
> indication what can happen to performance.
I agree with Mark. I think for most environments it isn't big deal for
logs to be transparent. In fact, I kind of regard it as a misfeature
that one of my users might not be able to see the full history of a file
because it happens to share a revision with another file they don't have
I do understand the rationale, though.
Just my $0.02.
Received on Sat Nov 6 01:46:47 2004
- application/pgp-signature attachment: stored