[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: SVN - restriction to checkout only the latest version

From: [radoo] <ondas.radovan_at_gmail.com>
Date: Tue, 24 May 2011 13:26:33 +0200

Hi Markus,

>> I have a question whether subversion has possibility to allow checkout
>> only the latest version of the repository.
>
> No.

OK, then my research is confirmed. it would be against basic design
and idea of repositories in general.

>> My idea is (due to security) to allow only access only to the latest
>> revision of the file stored in subversion repository.
>
> My gut feeling is that if you try to base security on an assumption like
> this, something in your security design is fundamentally broken.
>
>> Or is there an option to set which would tell to keep only the latest
>> version or last 10 versions?
>
> You can either dump the repository from that revision, and then build a
> new repository from the dump. Maybe svndumpfilter can also help.
>
> If your problem is that you accidentally committed some files into the
> repository which should not be seen by anyone, that your problem could
> be solved by an action like that.
>
> Maybe you try to describe us the problem you want to solve, and then we
> can help you to find a (better) solution?

Right, I fully understand.
To explain the reason for my strange questions.
There was a need to store file with main password set for the file.
SVN was chosen because there was no need to setup another tool and
also all person who need to access the file has already access to SVN.
Therefore to create a simple repository was a matter of a few minutes.
So far so good. But later a question came up what will happen if the
main password will be compromised. You will change the password and
commit new version. But SVN has 'nice' option to checkout also older
versions of the file, where the old main password would be still valid
and your content is not protected.

So, in the end it looks like not a good idea to store such files in
SVN unless there are other possibilities. Sure I'm aware of users and
permissions for SVN, but this would bring another layer of complexity
to the design of the environment. The user is asked for the password
already once before.

We will also think of better tool to store the file with better way to
setup security. :)

Thanks,

Rado
Received on 2011-05-24 13:27:04 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.