[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion Exception!

From: Branko Čibej <brane_at_apache.org>
Date: Wed, 12 Dec 2018 19:54:18 +0100

On 12.12.2018 19:07, Stefan Kueng wrote:
> On 12.12.2018 13:55, TortoiseSVN-dev on behalf of Julian Foad wrote:
>>>> Subversion encountered a serious problem.
>>>> Please take the time to report this on the Subversion mailing list
>> […]
>>>> https://subversion.apache.org/mailing-lists.html
>>
>>> It is likely that this is a problem specific to TortoiseSVN, and not
>>> to core SVN. TortoiseSVN has its own mailinglists, so you should
>>> report your problem there:
>> (Cross-posting.)
>
> Since this happens in the project monitor, my best guess is that the
> path/url the user entered to be monitored is not correct.
>
>>
>> It makes me sad every time I see this pattern. Software is often
>> frustrating to use, but should at least aim to be polite to its
>> users. Telling the user "Please do X" and then when the user does X
>> saying "No, it's no good doing X; do Y" is not polite, and I would
>> not expect anyone but the most calm, patient and helpful of users to
>> gracefully comply with such a request.
>>
>> I'm not meaning to criticise Johan but rather our whole system.
>>
>> Can we please fix this problem. Both:
>> 1) Tsvn please change the message.
>
> Sorry, won't do that. Because I've argued multiple times over the
> years here that calling exit() or even abort() in a library is the
> worst idea ever. Especially if this can happen by having the user
> enter a wrong path/url.

It's not the user entering the wrong path or URL. It's the code that
uses the Subversion libraries — in this case TSVN — not validating and
de-tainting its input. Yes, this has been going on for years due to your
obstinately refusing to conform to our API specs. In the meantime,
*your* users are left hanging.

The rules are clear and consistent: pointers may not be NULL unless
specifically allowed, paths must be absolute and canonical, URLs must be
canonical, all strings must be encoded in UTF-8. We provide a wide range
of helper functions that make it easy for API consumers to encode the
parameters.

> Sorry if this message seems rude - but I'm tired of arguing the same
> over and over again.

You don't say.

-- Brane
Received on 2018-12-12 19:54:26 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.