Tom Mornini wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Jan 26, 2005, at 1:03 PM, Dassi, Nasser wrote:
>
>> Issue:
>> The revision number with file-type FSFS is manually modifyable in any
>> ol' text editor. The value (in a file within the repository's file
>> structure) is stored in plain-text and can be edited with extreme
>> ease.
>
> snip...
>
>> Possible/suggested bug fix/workaround solutions:
>> 1. Implement integrity checking to cause future modified-repository
>> commits to fail; or
>> 2. Implement revision-locking at the filesystem level so existing
>> revprops + revs files are not *overwritten*; or
>> 3. Revert to latest revision based on FSFS-stored revprops and revs
>> file trails; or
>> 4. Implement encoding/encryption to reduce likelihood of tampering
>> (as Berkeley DB does)
>
> 5. Implement OS level file security (per OS, per installation) to
> prevent access to people who should not be able to do this.
>
> You know, I just discovered another bug in both Subversion AND FSFS!
>
> If you manually give OS commands to destroy your repository, your
> repository is destroyed, and Subversion neither prevents,
> nor gives adequate warning, nor automatically ignores the results of
> those commands. Additionally, it gives no method of
> fixing the problem directly.
>
> Now, I'm finding bugs in nearly everything:
>
> 1) Televisions stop working when dropped
> 2) Knives make people bleed when used improperly.
> 3) Guns...don't even get me started!
>
> I'm sort of having a bad day, and might regret this email later, but I
> have to ask:
>
> Was this a serious email (bad) or intended as a joke (funny)?
LOL! :-)
I agree entirely - thanks for making the point so splendidly.
Thanks,
Max.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jan 26 23:32:05 2005