[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn log "hangs"

From: Dominic Anello <danello_at_danky.com>
Date: 2004-11-06 00:35:16 CET

On 2004-11-05 15:24:37 -0500, Mark Phippard wrote:
> "Ray Johnson" <Rayj@ingenio.com> wrote on 11/05/2004 03:14:18 PM:
>
> > Well that explains why it is *so* slow. The initial revision is from we
> > imported the repository and has thousands of files in the revision. Is
> > there a way to "kill" a revision? If I could somehow get rid of
> > that initial revision things might not be so bad...
> >
> > However, I still don't understand why it has to check every file in the
> > revision. I understand why would would want to if your doing a "svn log
> > -v" which also reports all the files of each revision. But if your not
> > using the -v option then only information about that file is returned.
> > So why does it need to verify the paths for all the other files?
>
> I imagine it is because it is viewed as a security hole to show you log
> information about a revision if there are ANY files committed in that
> revision to which you do not have read access.
>
> The authz module is very useful, it is a shame to do something like this
> which might make it unusable for a lot of people. I would like to see
> some new configuration directive that would allow svn log to be able to
> bypass these checks while retaining the rest of authz.
>
> I realize that many people need this level of security, regardless of the
> performance hit. So the current behavior probably should be the default.
> However, a lot of us just want to enforce read-only access to certain
> folders and certain users, and in some cases, we might want to remove read
> access to the contents of certain files. That does not mean that we care
> if someone can see the log info, especially at this price.
>
> None of this bodes well for a future ACL feature, if this is any
> indication what can happen to performance.
>
> Mark

I agree with Mark. I think for most environments it isn't big deal for
logs to be transparent. In fact, I kind of regard it as a misfeature
that one of my users might not be able to see the full history of a file
because it happens to share a revision with another file they don't have
access to.

I do understand the rationale, though.

Just my $0.02.

Regards,

Dominic

  • application/pgp-signature attachment: stored
Received on Sat Nov 6 01:46:47 2004

This is an archived mail posted to the Subversion Users mailing list.