Les Mikesell wrote on Thu, Nov 29, 2012 at 09:59:47 -0600:
> On Thu, Nov 29, 2012 at 1:59 AM, Thorsten Schöning
> <tschoening_at_am-soft.de> wrote:
> > Guten Tag olli hauer,
> > am Mittwoch, 28. November 2012 um 22:45 schrieben Sie:
> >
> >> Someone hacks one of the additional mirrors, modifies a revision and adjust the
> >> checksum (as described on many places how-to fix a corrupt repo) so it looks OK
> >> even with svnadmin verify.
> >
> > Sounds interesting, but if the mirrors not under your full control
> > already have been hacked how can you trust the locally produced
> > checksums by svnadmin? You can't as you can't trust the mirror in any
> > way, svnadmin could be manipulated, too, you would need to get the
> > data to a trustful environment again and check it from there.
>
> For things where the file representation is the same, I just use an
> 'rsync -nv' against a known-good copy to verify integrity and it runs
> pretty quickly. But, the copy built by svnsync doesn't necessarily
> get stored the same way, does it?
I think in 1.8/fsfs it will byte-for-byte identical. (except
rep-cache.db, but you can remove that file without consequences)
There was a dev@ thread by philipm about this not too long ago.
Received on 2012-11-29 18:34:30 CET