[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: An access permissions problem

From: David Weintraub <qazwart_at_gmail.com>
Date: Tue, 21 Dec 2010 12:28:29 -0500

On Tue, Dec 21, 2010 at 10:59 AM, David Aldrich
<David.Aldrich_at_eu.nec.com> wrote:
> Thanks for your help. Yes, the branches, tags, and trunk directories are at the root. In your suggestion, I am worried that a developer might create a branch containing ConfidentialFolder in /branches rather than in /branches/ConfidentialBranches, by mistake. Do you agree that is a problem?

Sure, that's a possible issue. One of the biggest problems with
Subversion is that it is almost impossible to delete any information
from the repository. You put in confidential information in the wrong
place, and you basically have to do a dump/filter/load to remove it
from the repository.

To solve this issue, you can create a pre-commit hook that will
prevent someone from copying the confidential information project to
the plain /branches branch.

When a copy is done, svnlook will list where the copy is from, and
your hook can intercept this information.

I don't think my kitchen-sink pre-commit hook can be configured to
prevent this from happening. My script can prevent particular people
from creating a tag or branch, but never looks at the "to"

You'll have to write your own hook script. Fortunately, it isn't too
difficult -- especially since you're just checking for a very simple
thing. Do you see an "A' transaction where the from is from the
confidential directory and the "to" is to the branches directory? If
so, fail the transaction.

David Weintraub
Received on 2010-12-21 18:29:06 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.