[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Shredding private/confidential information‏

From: Erik Huelsmann <ehuels_at_gmail.com>
Date: Tue, 28 Apr 2009 13:03:05 +0200

2009/4/28 Steven <meteor3000_at_hotmail.com>:
>> Ryan Schmidt wrote:
>> > On Apr 27, 2009, at 17:19, Todd C. Gleason wrote:
>> >
>> >> I'm not arguing against a universal OS solution, but I wouldn't
>> >> hold my breath for one either. I was merely pointing out that
>> >> Subversion could choose to offer security enhancements in this
>> >> area. If you did put shredding in, you might want an svn
>> >> subcommand to shred an entire WC as well.
>> >>
>> >> Note that I'm also not debating the priority of such a feature
>> >> (because I don't personally need it).
>> >>
>> >> However, arguing that some things are out of your control seems to
>> >> me like saying that it's not worthwhile to do X unless everybody
>> >> else is doing it. (Pick your favorite altruistic cause here.)
>> >> Besides, for those non-svn areas the user may already have
>> >> shredding utilities, and simply want something to cover the svn
>> >> portion.
>> >
>> > But, to your first paragraph, there would be absolutely no difference
>> > in shredding an entire working copy vs. shredding any other directory
>> > on your computer. Just install a secure deletion program and use it
>> > on the working copy, or any other file or directory.
>> There are temporary log files and other files svn client will use during
>> its
>> normal operation which will get deleted, so the bytes will still exist on
>> the
>> disk platter.
> This is exactly what I meant. From the moment I trust my files to SVN, I
> can't track or control where it spreads my data.
> The fact that data persists in the repository is not the (my) problem.
> Because I *know* where it is, and I know what I have to do if I wish to
> shred it. Neither is there a problem to shredding an entire working copy.
> The problem arises when SVN, as part of its daily operation, disposes any
> file that contains copies of confidential data, because copies of
> confidential data should be shredded.
> It has been argued that the safe disposal of confidential data is not the
> responsibility of SVN, because other programs share the same problem. But
> the uncontrolled-copying-of-data problem is worse with SVN than with any
> other program I've seen. So it would make sense to me if SVN gave me the
> option to NOT spread all my data across the disk. Without me having to know
> about logfiles in the tempdir.
> If SVN has to make copies all over the place, while handling working copies,
> then it has to; but just disposing them seems unscrupulous for some kinds of
> files.
> If switching to CVS solves any problem, than SVN has failed it's mission :p

Why? It's only a compelling replacement, not a drop-in replacement.




To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-28 13:03:57 CEST

This is an archived mail posted to the Subversion Users mailing list.