Return-Path: X-Original-To: apmail-subversion-dev-archive@minotaur.apache.org Delivered-To: apmail-subversion-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 163AE98D2 for ; Sat, 18 Aug 2012 01:23:35 +0000 (UTC) Received: (qmail 71558 invoked by uid 500); 18 Aug 2012 01:23:34 -0000 Delivered-To: apmail-subversion-dev-archive@subversion.apache.org Received: (qmail 71520 invoked by uid 500); 18 Aug 2012 01:23:34 -0000 Mailing-List: contact dev-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@subversion.apache.org Received: (qmail 71513 invoked by uid 99); 18 Aug 2012 01:23:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Aug 2012 01:23:34 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of ben@reser.org designates 192.242.17.19 as permitted sender) Received: from [192.242.17.19] (HELO mail.brain.org) (192.242.17.19) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 18 Aug 2012 01:23:26 +0000 Received: from localhost (localhost [127.0.0.1]) by mail.brain.org (Postfix) with ESMTP id 74F24179E102 for ; Fri, 17 Aug 2012 18:23:05 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at fornix.brain.org Received: from mail.brain.org ([127.0.0.1]) by localhost (fornix.brain.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dQGsc0DJXD57 for ; Fri, 17 Aug 2012 18:23:03 -0700 (PDT) Received: from mail-lpp01m010-f43.google.com (mail-lpp01m010-f43.google.com [209.85.215.43]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by mail.brain.org (Postfix) with ESMTPSA id D3670179E066 for ; Fri, 17 Aug 2012 18:23:02 -0700 (PDT) Received: by lagk11 with SMTP id k11so5508846lag.16 for ; Fri, 17 Aug 2012 18:23:00 -0700 (PDT) MIME-Version: 1.0 Received: by 10.152.125.116 with SMTP id mp20mr6642857lab.19.1345252980623; Fri, 17 Aug 2012 18:23:00 -0700 (PDT) Received: by 10.112.22.37 with HTTP; Fri, 17 Aug 2012 18:23:00 -0700 (PDT) In-Reply-To: <502E977C.80901@mit.edu> References: <502CFF69.3050006@collab.net> <502E6DE7.6090905@collab.net> <20120817162403.GD634@ted.stsp.name> <20120817164149.GA28870@tarsus.local2> <502E86DF.4090102@collab.net> <502E8866.1020104@wandisco.com> <502E8EEE.70009@collab.net> <502E977C.80901@mit.edu> Date: Fri, 17 Aug 2012 18:23:00 -0700 Message-ID: Subject: Re: [Issue 4124] New - Give servers sufficient means to disallow commits from clients based on version numbers From: Ben Reser To: Subversion Development Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org On Fri, Aug 17, 2012 at 12:11 PM, Greg Hudson wrote: > I would expect a client version to be communicated over libsvn_ra_svn in > a string, not a word. The original design intent was that words are > only for enumerated protocol values understood by the ra_svn code itself. > > It seems like we departed from this design with #2991 when we made a set > of ra_svn words visible to hook scripts. That seems like a mistake, > just as it would be a mistake to put C identifiers into the UI. > > Anyway, for the case at hand, I think the client version needs to be > marshalled as a string, not a word, and therefore not as a capability. Is there real value in doing this? Wouldn't it be better to expose the client capabilities to the hook scripts? I don't see how you're going to avoid the user agent nonsense as long as you expose the client names and version numbers. If you take the TSVN example and image that another client decided to implement the client side hooks, then both TSVN and that hypothetical client could report a capability that specified that it supported client side hooks. With the added benefit that if the server side hook script was written for TSVN it would automatically start working for a new client, making using this feature far less burdensome. Exposing capabilities are far less likely to be abused to side step server hooks since changing the capabilities will change the behavior of the server, generally breaking the client (with the notable exception of the above TSVN client side hook example). Making a client misreport a client name and version number that is only provided to server hooks provides great incentive to modify these values. If there are behaviors of clients in the wild that hook authors want to filter on that aren't capabilities then that may override this. It seems to me that only exposing capabilities would be a far more elegant solution.