On 12.12.2018 19:07, Stefan Kueng wrote:
> On 12.12.2018 13:55, TortoiseSVN-dev on behalf of Julian Foad wrote:
>>>> Subversion encountered a serious problem.
>>>> Please take the time to report this on the Subversion mailing list
>> […]
>>>> https://subversion.apache.org/mailing-lists.html
>>
>>> It is likely that this is a problem specific to TortoiseSVN, and not
>>> to core SVN. TortoiseSVN has its own mailing lists, so you should
>>> report your problem there:
>> (Cross-posting.)
>
> Since this happens in the project monitor, my best guess is that the
> path/url the user entered to be monitored is not correct.
>
>>
>> It makes me sad every time I see this pattern. Software is often
>> frustrating to use, but should at least aim to be polite to its
>> users. Telling the user "Please do X" and then when the user does X
>> saying "No, it's no good doing X; do Y" is not polite, and I would
>> not expect anyone but the most calm, patient and helpful of users to
>> gracefully comply with such a request.
>>
>> I'm not meaning to criticise Johan but rather our whole system.
>>
>> Can we please fix this problem. Both:
>> 1) Tsvn please change the message.
>
> Sorry, won't do that. Because I've argued multiple times over the
> years here that calling exit() or even abort() in a library is the
> worst idea ever. Especially if this can happen by having the user
> enter a wrong path/url.

It's not the user entering the wrong path or URL. It's the code that
uses the Subversion libraries — in this case TSVN — not validating and
de-tainting its input. Yes, this has been going on for years due to your
obstinately refusing to conform to our API specs. In the meantime,
*your* users are left hanging.

The rules are clear and consistent: pointers may not be NULL unless
specifically allowed, paths must be absolute and canonical, URLs must be
canonical, all strings must be encoded in UTF-8. We provide a wide range
of helper functions that make it easy for API consumers to encode the
parameters.

> Sorry if this message seems rude - but I'm tired of arguing the same
> over and over again.

You don't say.

-- Brane
Received on 2018-12-12 19:54:26 CET
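
The argument rules listed in the reply above (pointers not NULL, paths absolute and canonical, strings in UTF-8), shown as a pre-call check that an API consumer could run on user-entered input so that a bad value is reported to the user instead of reaching the library. This is an added example, not code from the thread, Subversion or TortoiseSVN; the names `check_path_arg`, `is_valid_utf8` and `is_canonical_abspath` are hypothetical, and the POSIX-style definition of "canonical" used here is a simplified assumption, where a real client would rely on the library's own helper functions.

```c
#include <string.h>

enum arg_status { ARG_OK, ARG_NULL, ARG_BAD_UTF8, ARG_NOT_ABSOLUTE, ARG_NOT_CANONICAL };

/* Strict UTF-8 check: rejects stray or missing continuation bytes, overlong
   forms, UTF-16 surrogates and code points above U+10FFFF. */
static int is_valid_utf8(const unsigned char *s)
{
    while (*s) {
        unsigned long cp; int n;
        if (*s < 0x80) { s++; continue; }
        else if ((*s & 0xE0) == 0xC0) { cp = *s & 0x1F; n = 1; }
        else if ((*s & 0xF0) == 0xE0) { cp = *s & 0x0F; n = 2; }
        else if ((*s & 0xF8) == 0xF0) { cp = *s & 0x07; n = 3; }
        else return 0;
        s++;
        for (int i = 0; i < n; i++, s++) {
            if ((*s & 0xC0) != 0x80) return 0;   /* also catches an early NUL */
            cp = (cp << 6) | (*s & 0x3F);
        }
        if (cp < (n == 1 ? 0x80UL : n == 2 ? 0x800UL : 0x10000UL)) return 0;
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
    }
    return 1;
}

/* Simplified canonical form (assumption): '/'-separated, no empty or "."
   segments, no trailing slash except for the root itself. */
static int is_canonical_abspath(const char *p)
{
    if (strcmp(p, "/") == 0) return 1;
    while (*p) {
        if (*p++ != '/') return 0;
        size_t len = strcspn(p, "/");
        if (len == 0 || (len == 1 && p[0] == '.')) return 0;
        p += len;
    }
    return 1;
}

/* Gate to run on user-supplied input before it is passed to the library. */
enum arg_status check_path_arg(const char *path)
{
    if (path == NULL) return ARG_NULL;
    if (!is_valid_utf8((const unsigned char *)path)) return ARG_BAD_UTF8;
    if (path[0] != '/') return ARG_NOT_ABSOLUTE;
    if (!is_canonical_abspath(path)) return ARG_NOT_CANONICAL;
    return ARG_OK;
}
```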