Re: svn externals

On Feb 12, 2011, at 00:25, Robert Bielik wrote:

> Ryan Schmidt skrev 2011-02-11 22:20:
>>
>
>> svn:externals is for accessing other (or the same) Subversion repositories only.
>
> Yes, I know, but I had hopes :) Wouldn't it be cool with a svn:command feature in which you'd be able to write a "git pull" command ? I.e.
> a generic property which executes written commands when you update ? ;)

I can see the appeal, but I can also see the great possibility for mischief. I don't like the idea of "svn up" being given the power to run any command on my system. What if someone commits a command that has a bug that causes data to be deleted on my system? What if a hacker gains access to the repository and commits an "svn:command" that, when run on my system, installs malware? It's the same reason why Subversion doesn't have client-side hooks. Even in the absence of such threats, it can take a lot of work to ensure what you write will work on any user's system. What if the user has a different version of the git command that behaves differently? What if the user is on Windows, or Unix, or Mac OS X -- do they all behave the same?

Don't get me wrong, I think it would be nice for Subversion to be able to pull in data in an externals-like manner from repositories that are not on Subversion. But if that is implemented, it should be in the Subversion client code -- perhaps as simply as allowing git or hg URLs in svn:externals -- and not as the ability for the repository to dictate arbitrary client-side executables to run.
Received on 2011-02-12 19:23:52 CET