[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svnadmin create and not being method agnostic

From: Les Mikesell <lesmikesell_at_gmail.com>
Date: Wed, 29 Dec 2010 11:32:09 -0600

On 12/29/10 11:03 AM, Philip Prindeville wrote:
>> That's unclear, I agree. I've taken it in a slightly different
>> direction, trying to address his concerns.
> So my concern is this: I want to be able to easily, clearly, and with high
> confidence set up SVN to *only* work via Apache, and no other way. And I think
> that it's not unreasonable for the admin to be able to tell "svnadmin create"
> which access method he plans on using.

If you don't want people to run svnserve, just remove the binary. If you don't
want file:/// access, don't give anyone access to the filesystem or ssh
connections. It really seems like a waste of time to me to try to control what
a developer with access to both the source code and the filesystem in question
can or can't do. I agree that making it harder to do something stupid is a good
idea, but starting wars between developers and administrators isn't going to be
a good idea unless the only access the machine is over http(s).

> And I can say, as an admin a decade ago, that software that is simple and clear
> to setup and operate is a joy in an otherwise largely thankless job (since
> people only talk to you when things are broken, not when they work correctly).

But even that is a mixed bag. If you have an existing infrastructure for
authentication and/or client ssl certificates you are going to want software
that is versatile enough to use it instead of forcing you to use its own
different mechanisms.

   Les Mikesell
Received on 2010-12-29 18:32:52 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.