
Re: svn externals

From: Ryan Schmidt <subversion-2011a_at_ryandesign.com>
Date: Sat, 12 Feb 2011 12:23:07 -0600

On Feb 12, 2011, at 00:25, Robert Bielik wrote:

> Ryan Schmidt wrote 2011-02-11 22:20:
>> svn:externals is for accessing other (or the same) Subversion repositories only.
> Yes, I know, but I had hopes :) Wouldn't it be cool with a svn:command feature in which you'd be able to write a "git pull" command? I.e.
> a generic property which executes written commands when you update? ;)

I can see the appeal, but I can also see the great possibility for mischief. I don't like the idea of "svn up" being given the power to run any command on my system. What if someone commits a command that has a bug that causes data to be deleted on my system? What if a hacker gains access to the repository and commits an "svn:command" that, when run on my system, installs malware? It's the same reason why Subversion doesn't have client-side hooks. Even in the absence of such threats, it can take a lot of work to ensure what you write will work on any user's system. What if the user has a different version of the git command that behaves differently? What if the user is on Windows, or Unix, or Mac OS X -- do they all behave the same?

Don't get me wrong, I think it would be nice for Subversion to be able to pull in data in an externals-like manner from repositories that are not on Subversion. But if that is implemented, it should be in the Subversion client code -- perhaps as simply as allowing git or hg URLs in svn:externals -- and not as the ability for the repository to dictate arbitrary client-side executables to run.
Received on 2011-02-12 19:23:52 CET

This is an archived mail posted to the Subversion Users mailing list.
