Let me say that even more clearly: svnrdump is a new CLIENT-SIDE tool.
It did not change a millimeter in the server code or in the network
protocols. That severly limits the extent of security issues it can
introduce.
Feldhacker, Chris wrote on Thu, Aug 19, 2010 at 14:14:30 -0500:
> Any "rough" documentation available, particularly in terms of security or access control?
>
> Remote "dump" makes sense -- and I assume everything being dumped is subject to the authorization/access control restrictions that have been put into place on the server, yes? (A particular path or file won't be included in the dump if the user doesn't have permission to access it, right?)
>
> Remote "load" seems scary -- How can I prevent my users from being able to use this command? Is the original author of the dumped revision preserved, or is the author set to the user doing the load? Can users do anything else bad, like changing repo UUID?
>
> Right now svnadmin is great because performing admin functions is controlled by requiring actual access to the box. If admin functions are now going to be available remotely, then I would want to make sure there was a way to make sure these functions could only be performed by authorized users...
>
>
>
> -----Original Message-----
> From: Ramkumar Ramachandra [mailto:artagnon_at_gmail.com]
> Sent: Wednesday, August 18, 2010 1:51 PM
> To: Subversion Users Mailing List
> Cc: Daniel Shahaf; Bert Huijben; Stefan Sperling
> Subject: [ANNOUNCE] svnrdump: A new dumper/ loader in trunk
>
> Hi,
>
> There's now a new tool located in subversion/svnrdump. We have developed it over the last few weeks, and we feel that it is mature enough to announce. Although it has not been tested extensively, we would like to encourage you to try it out and give us feedback so we can improve it.
>
> So what is svnrdump? It is a tool to produce a dumpfile from a remote repository without having to mirror the whole thing on the hard disk, as well as load a dumpfile into a remote repository. Although it's fundamentally different from the `svnadmin` tool on the inside, it can be thought of as providing a remote `svnadmin dump | load` functionality. It currently only works with dumpfile v3, and we intend to keep it that way.
>
> svnrdump is meant to be a lightweight high-performance tool that is intended to be useful to both server admins and developers of other versioning systems looking to import/ export revision history from Subversion. The motivation for the project actually arises from my recent GSoC project, git-remote-svn; the Git developers are writing in support for seamless interoperability with Subversion.
>
> Anyway, we hope you find the tool useful; do test it on your own repositories and file issues/ feature requests.
>
> -- Ram
>
>
> -----Message Disclaimer-----
>
> This e-mail message is intended only for the use of the individual or
> entity to which it is addressed, and may contain information that is
> privileged, confidential and exempt from disclosure under applicable law.
> If you are not the intended recipient, any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> reply email to Connect_at_principal.com and delete or destroy all copies of
> the original message and attachments thereto. Email sent to or from the
> Principal Financial Group or any of its member companies may be retained
> as required by law or regulation.
>
> Nothing in this message is intended to constitute an Electronic signature
> for purposes of the Uniform Electronic Transactions Act (UETA) or the
> Electronic Signatures in Global and National Commerce Act ("E-Sign")
> unless a specific statement to the contrary is included in this message.
>
> While this communication may be used to promote or market a transaction
> or an idea that is discussed in the publication, it is intended to provide
> general information about the subject matter covered and is provided with
> the understanding that The Principal is not rendering legal, accounting,
> or tax advice. It is not a marketed opinion and may not be used to avoid
> penalties under the Internal Revenue Code. You should consult with
> appropriate counsel or other advisors on all matters pertaining to legal,
> tax, or accounting obligations and requirements.
>
Received on 2010-08-19 22:16:22 CEST