[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: .svn on the web? Risk

From: Johnson, Rick <JohnsonR_at_gc.adventist.org>
Date: 2006-02-01 21:39:46 CET

Someone more knowledgeable will have to speak to the .svn directories.
IIS (on Windows 2003) won't server files from a hidden directory which
the .svn files are by default so that's enough protection for me.
 
Here's my model which has worked well for my relatively small projects.
 
development
releases
    current
    v1
    v2
    etc...
tags
    2005-12-15tag
    2005-12-18tag
    etc...
 
I guess my development "directory" is the equivalent to trunk. I have
continuous integration (via Draco.Net and NANT since I use .NET) set up
to build the project to a staging site after each commit. When something
is ready to be released, the "current" directory" under releases is
removed and another "current" directory created at the revision we wish
to release. This kicks off an automatic build of the project to the live
server.
 
Rick

________________________________

        From: Jonathan Powell [mailto:Jonathan.Powell@augusoft.net]
        Sent: Wednesday, February 01, 2006 1:46 PM
        To: users@subversion.tigris.org
        Subject: .svn on the web? Risk
        
        
         
        I was wondering if there was a risk to having the .svn folders
on your website. Is it possible to hack into your source code because
of this or are you giving out too much information?
         
         
        Also I was very curious what model other people are using when
you have three servers, IE dev, staging and live. Currently I was
setting this up as:
         
        branches
            staging
            live
        trunk
         
        The idea was that staging and live would push code when there
was a change from the hook files. The trunk is really all new
development and would work the same way all new commits get pushed out
to the server.
         
        Why a push because we don't as developers have access to the
live and staging servers. Also we need to be able to move code at any
time to the servers. The issues I see with this setup are:
            Versions are not tagged or branched as the version #. Also
any changes needed to be pushed out from new development would have to
be merged into those branches (YUCK)... So I am up for suggestions from
people out there that have overcome these hurdles.
         
        The other idea was to have ssh installed on our local machines
so we could pull instead of push code out there then we could move code
when we want.
         
        Jon
Received on Wed Feb 1 21:43:14 2006

This is an archived mail posted to the Subversion Users mailing list.