[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: singl file checkout

From: Ryan Schmidt <subversion-2008c_at_ryandesign.com>
Date: Sun, 2 Nov 2008 14:34:31 -0600

On Nov 2, 2008, at 00:24, David L wrote:

> On Fri, Oct 31, 2008 at 4:18 PM, Mark Eichin wrote:
> <snip>
>> A friend just pointed out that the reason it isn't needed anymore is
>> the ControlMaster/ControlPath feature of modern ssh, which takes care
>> of it directly; looks like you can do something like
>>
>> ssh -o ControlMaster=yes -o ControlPath=/tmp/mysocket svnserver
>> and leave that around, then
>> export SVN_SSH="ssh -o ControlMaster=no -o ControlPath=/tmp/
>> mysocket"
>> and use svn+ssh as you already do... I haven't tried this myself yet
>> to see how much of a performance difference it makes, just confirmed
>> that the commands work...
>
> This does seem to speed things up. Something that was
> taking 64 seconds before is taking 34 seconds with this
> ssh ControlMaster trick. But it takes about 2.5 seconds when I
> point directly to the repository using file://. Maybe I should
> just always use file://... the repository is accessible via NFS
> export and the faq seems to imply that NFS access is ok
> for fsfs back end. I can't remember why we're using ssh
> and not just file://. Anyway, thanks for all your responses.

The file protocol is not appropriate for a production repository, or
when multiple users are accessing it. It provides zero security.
Anyone can take your entire repository home and easily circumvent any
access policy you may have set, and anyone can browse the repository
location in Windows Explorer or any other file browser and
accidentally or intentionally delete the entire thing, or only delete
specific older revisions, or replace data, or alter your hook scripts
or do anything else, which you might not notice until it's too late.

Since the FAQ is non-specific, I'll clarify: you can host an FSFS
repository on NFS (if your NFS server is set up right) in that you
can access the repository that way from a single computer that will
then run apache or svnserve to serve the repository to others over
http or svn protocols. The FAQ is not implying that multiple users
should try to access an NFS-hosted repository directly over the file
protocol.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-11-02 21:35:00 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.