subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carsten Fuchs <CarstenFu...@T-Online.de>
Subject Restrict access by revision number
Date Sat, 12 Dec 2009 13:20:14 GMT
Dear Subversion group,

we would like to migrate our svn repository to a new machine, and use the opportunity to provide

anonymous (public internet) access to it.


+++ Overview +++

However, the repository contains confidential information like lists of telephone numbers
that 
are supposed to be checked out by everyone in the current head revision and all future 
revisions, but we would like to prevent checkouts of older revisions.

Therefore, what we "really" or "ideally" want to accomplish is to restrict repository access
by 
revision number.

While this could easily be accomplished by creating an entirely new repository with the contents

of a current working copy (losing all history, restarting at revision number 1), we would
like 
to preserve history: A set of authorized people should still be able to checkout old revisions

and see old log messages, just everyone else should be restriced to todays head and all future

revisions.


+++ Variant 1 +++

As there seems to be no direct way to achieve this, we are now wondering if combining   svn
copy 
   with path-based authorization as described at 
<http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html> is a viable

alternative.

That is, we would import the original repository into a subdirectory of the new one (with
full 
history), then svn copy, e.g.:

svn copy  http://.../new-repos/imported-old  http://.../new-repos/public

then restrict access to path "imported".


+++ Variant 2 +++

A variant of this would be to not import the old repository into the new one, but refer to
it 
with svn:externals, then   svn copy   the external repository into the local one as above.

Access to the external repository would be set on a per-repository level as usual.


+++ Questions :-) +++

a) Is there a (maybe entirely different) solution to the problem that is simpler and/or more

direct than variant 1 or 2?

b) Is the key idea "replace revision-number-based access by path-based access" reasonable
at all?

c) Does   svn copy   preserve history when used with svn:externals?

d) What happens is the externals repository is not available, either because it has 
per-repository access restrictions or the network is unavailable, machine is down, etc.?


We'd be very happy and grateful for any comments and help.

Thank you very much, and best regards,
Carsten


Mime
View raw message