[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Restrict access by revision number

From: Carsten Fuchs <CarstenFuchs_at_T-Online.de>
Date: Sat, 12 Dec 2009 14:20:14 +0100

Dear Subversion group,

we would like to migrate our svn repository to a new machine, and use the opportunity to provide
anonymous (public internet) access to it.

+++ Overview +++

However, the repository contains confidential information like lists of telephone numbers that
are supposed to be checked out by everyone in the current head revision and all future
revisions, but we would like to prevent checkouts of older revisions.

Therefore, what we "really" or "ideally" want to accomplish is to restrict repository access by
revision number.

While this could easily be accomplished by creating an entirely new repository with the contents
of a current working copy (losing all history, restarting at revision number 1), we would like
to preserve history: A set of authorized people should still be able to checkout old revisions
and see old log messages, just everyone else should be restriced to todays head and all future
revisions.

+++ Variant 1 +++

As there seems to be no direct way to achieve this, we are now wondering if combining svn copy
   with path-based authorization as described at
<http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html> is a viable
alternative.

That is, we would import the original repository into a subdirectory of the new one (with full
history), then svn copy, e.g.:

svn copy http://.../new-repos/imported-old http://.../new-repos/public

then restrict access to path "imported".

+++ Variant 2 +++

A variant of this would be to not import the old repository into the new one, but refer to it
with svn:externals, then svn copy the external repository into the local one as above.
Access to the external repository would be set on a per-repository level as usual.

+++ Questions :-) +++

a) Is there a (maybe entirely different) solution to the problem that is simpler and/or more
direct than variant 1 or 2?

b) Is the key idea "replace revision-number-based access by path-based access" reasonable at all?

c) Does svn copy preserve history when used with svn:externals?

d) What happens is the externals repository is not available, either because it has
per-repository access restrictions or the network is unavailable, machine is down, etc.?

We'd be very happy and grateful for any comments and help.

Thank you very much, and best regards,
Carsten

Received on 2009-12-12 14:21:03 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.