[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: An access permissions problem

From: Stefan Sperling <stsp_at_elego.de>
Date: Tue, 21 Dec 2010 19:19:21 +0100

On Tue, Dec 21, 2010 at 12:28:29PM -0500, David Weintraub wrote:
> On Tue, Dec 21, 2010 at 10:59 AM, David Aldrich
> <David.Aldrich_at_eu.nec.com> wrote:
> > Thanks for your help. Yes, the branches, tags, and trunk directories are at the root. In your suggestion, I am worried that a developer might create a branch containing ConfidentialFolder in /branches rather than in /branches/ConfidentialBranches, by mistake. Do you agree that is a problem?
> Sure, that's a possible issue. One of the biggest problems with
> Subversion is that it is almost impossible to delete any information
> from the repository. You put in confidential information in the wrong
> place, and you basically have to do a dump/filter/load to remove it
> from the repository.
> To solve this issue, you can create a pre-commit hook that will
> prevent someone from copying the confidential information project to
> the plain /branches branch.
> When a copy is done, svnlook will list where the copy is from, and
> your hook can intercept this information.
> I don't think my kitchen-sink pre-commit hook can be configured to
> prevent this from happening. My script can prevent particular people
> from creating a tag or branch, but never looks at the "to"
> information.
> You'll have to write your own hook script. Fortunately, it isn't too
> difficult -- especially since you're just checking for a very simple
> thing. Do you see an "A' transaction where the from is from the
> confidential directory and the "to" is to the branches directory? If
> so, fail the transaction.

It's better to fail if the copy is not going to the right place,
rather than going to one of many possible wrong places.

Regarding the external question: I think checkout and updates will fail if
the external cannot be accessed. It's quite easy to try this out on
a new repository created with svnadmin create:

 svnadmin create /tmp/myrepos
 svn co file:///tmp/myrepos working-copy
 cd working-copy
 svn mkdir dir

Now configure externals on "dir" that point to non-existing URLs,
run svn commit, and do more checkouts and updates see for yourself
what Subversion will do.

Received on 2010-12-21 19:20:22 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.