Jan Keirse <jan.keirse_at_tvh.be> schreef op 19/01/2011 10:58:24:
> David Aldrich <David.Aldrich_at_EU.NEC.COM> schreef op 19/01/2011 10:42:15:
>
> > Hi
> >
> > I'd like to explain my high level problem, which I hoped externals
> > would solve. Maybe someone will have a suggestion how to properly
> > address this.
> >
> > Our source code is used by several developer groups. A few files
> > need to be confidential to one group. We can set access permissions
> > on these files in the trunk using Apache to support this. However,
> > if a member of that privileged group branches or tags the trunk,
> > those files will get copied to the new branch/tag and be visible to
> > all. Subversion can't copy the permission structure across. This
> > provides a maintenance headache.
> >
> > So I thought we could put the confidential files in another repo and
> > set appropriate permissions there. The main project will bring those
> > few files in and the access permissions of the source repo will
> > always be imposed wherever the external appears.
> >
> > But this is not really what externals are meant for, so I feel
> > unhappy about this solution. Furthermore, it seems best to always
> > make externals use fixed revisions, which isn't what we would want
> > as those confidential files will be continually changing.
> >
> > Please can anyone suggest a better way of solving this problem?
>
> In the future hopefully an authz file with wildcards will solve the
> problem:
> http://subversion.tigris.org/issues/show_bug.cgi?id=2662
>
> Right now I don't there's anything better than externals.
I've changed my mind, there is something that may be better than
externals, although it requires a little trick.
You should be able to create a commit hook that checks if the authz file
reflects the restrictions you want on a specific folder
(*/thesecretfolder/*) for the branch
(/branches/somebranch/thesecretfolder) and if not add the restrictions.
The advantage of this approach over externals is that you'll have atomic
commits, the version of the 'secretfolder' will be linked to the versions
in the rest of the repository,... And if one day the suggested wildcard
feature is implemented all you'll have to do is update the authz file to
contain a wildcard, remove the commit hook and you're done.
Kind Regards,
JAN KEIRSE
ICT-DEPARTMENT
Software quality & Systems: Software Engineer
**** DISCLAIMER ****
http://www.tvh.com/newen2/emaildisclaimer/default.html
"This message is delivered to all addressees subject to the conditions
set forth in the attached disclaimer, which is an integral part of this
message."
Received on 2011-01-19 17:26:22 CET