commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ma...@apache.org
Subject Re: svn commit: r1226175 - in /commons/proper/pool/tags/POOL_1_6_RC2: ./ src/changes/ src/java/org/apache/commons/pool/ src/java/org/apache/commons/pool/impl/ src/site/ src/site/xdoc/ src/test/org/apache/commons/pool/
Date Thu, 05 Jan 2012 14:18:09 GMT
sebb <sebbaz@gmail.com> wrote:

>On 4 January 2012 15:07, Gary Gregory <garydgregory@gmail.com> wrote:
>> Sebb:
>>
>> How do you like this tag:
>>
>>
>https://svn.apache.org/repos/asf/commons/proper/pool/tags/POOL_1_6_RC3
>>
>> ?
>
>It's the svn commit message that is important, and that is:
>
>>>>>
>URL: http://svn.apache.org/viewvc?rev=1227178&view=rev
>Log:
>Create commons-pool-1.6-RC3 tag
>
>Added:
>   commons/proper/pool/tags/POOL_1_6_RC3/
>     - copied from r1227176, commons/proper/pool/branches/POOL_1_X/
>Modified:
>   commons/proper/pool/tags/POOL_1_6_RC3/pom.xml
><<<<
>
>which looks fine; only one revision is referenced.
>
>I suggest you checkout the tag from the http: (read-only) SVN URI and
>build from that workspace.

For the (very) security paranoid that is generally a bad idea as it allows an attacker to
modify the stream.

Granted you have to be really paranoid to be worried about stuff like this and the checks
various folks do comparing src and tag before they vote should catch any changes that but
it isn't as if a targeted attack on the ASF is unknown.

Personally, I always work with svn over https.

Just some food for thought and not a big deal in this case.

Mark




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message