[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: "Flaw" revisited (was: Bug? FSFS revision control)

From: Dassi, Nasser <NDassi_at_141xm.com>
Date: 2005-01-27 14:41:26 CET

Thank you Marc and Brass (Tilde),
Those were the 2 most respectful emails I've received the past 2 days about the concern.

        -----Original Message-----
        From: Marc Haisenko [mailto:haisenko@webport.de]
        Sent: Thu 1/27/2005 8:24 AM
        To: users@subversion.tigris.org
        Subject: Re: "Flaw" revisited (was: Bug? FSFS revision control)

        Nasser (I hope this is your first name :-),
        the question is not really whether the current SubVersion FSFS would be safer
        or not by adding some obscurity or just checksumming or whatever, the
        question is: is it worth the hassle ?
        Not only does adding code to try to protect you from hackers need some work
        (designing and implementing), but the added complexity could (and propably
        would) create conditions (bugs) in which that "protection" could backfire and
        result in unnecessary problems for the enduser/administrator.
        If someone really wanted to change your repository and has the needed access
        rights he always could dump the repository, manipulate the dump and then
        recreate the repository.
        So the question is: is this "problem" big enough to spend time on implementing
        your request ? The majority seems to think "no", as your scenario is /very/
        theoretical and it would propably cause more problems and thus waste even
        more developer time which could be spent on implementing more pressing
        At least that's how I see it and how I interpret the reactions on this
        list ;-)
        Marc Haisenko
        Webport IT-Services GmbH
        mailto: haisenko@webport.de
        To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
        For additional commands, e-mail: users-help@subversion.tigris.org

Received on Thu Jan 27 14:44:54 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.