maven-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jochen Wiedmann <jochen.wiedm...@gmail.com>
Subject Re: how to make the SVN release process more robust
Date Mon, 05 Aug 2013 23:01:55 GMT
Isn't it possible to handle this in a technical manner` For example, a
rigger script that's invoked upon commit and checks whether the path
contains a "tags" directory?



On Mon, Aug 5, 2013 at 4:51 PM, Nathan Coast <nathan.coast@db.com> wrote:

> Classification: Public
>
> Hi all,
>
> As SVN tags are simply a convention overlayed on top of SVN directories,
> SVN tags are therefore mutable.  This opens the possibility that someone
> could inject code to a tag between the release:prepare and the
> release:perform phases.
>
> This would mean that the code checked out during release perform phase
> could be different from the code which was originally tagged.
>
> To close this potential loophole, I'm considering this solution:
> 1)  Modify the behaviour within
> org.apache.maven.scm.provider.svn.svnjava.command.tag.SvnTagCommand  to
> return the tag revision number via TagScmResult
> 2)  Write the result to release.properties
> 3)  Utilise the revision number within the checkout command (tag plus
> revision#)
>
> Does anyone have any alternate suggestion for how to solve this?
>
> Regards,
> Nathan
>
>
>
>
> ---
>
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and delete this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
>
> Please refer to http://www.db.com/en/content/eu_disclosures.htm for
> additional EU corporate and regulatory disclosures.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>


-- 
"That's what prayers are ... it's frightened people trying to make friends
with the bully!"

Terry Pratchett. The Last Hero

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message