subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Sperling <>
Subject Re: svnadmin create and not being method agnostic
Date Mon, 03 Jan 2011 13:19:43 GMT
On Sat, Jan 01, 2011 at 10:29:22PM -0500, Nico Kadel-Garcia wrote:
> You've just made my point that it should be automated upstream.

Instead of riding on the obvious shortcomings of a two-line shell
script I was using to badly illustrate an idea, why don't you spend
time writing up a "Setting up Subversion securely" article?
I think you do have the knowledge to do that.
And it would benefit users a lot because we could improve the
documentation based on it.

> And that's fair. Here's a very lightweight, testable, and reverse
> compatible change that would notably improve security models going
> forward. Enjoy.

You have been glossing over one open issue I see with your proposal,
which I have mentioned before:

What if users run svnserve like this:
  svnserve --config-file /etc/svnserve.conf
Should we then still require an svnserve.conf file to be present
in each repository? Even if this svnserve.conf is not used?
Note that per-repos configs do not override the global ones (and we
can't change that), so there's potential for confusion about where
settings actually come from.

I'd rather use a separate marker file (like the git-daemon-export-ok file
in git), but we cannot use a new marker file because of backwards compat.

View raw message