You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@subversion.apache.org by Greg Hudson <gh...@MIT.EDU> on 2001/03/19 18:18:44 UTC

Re: CVS update: subversion/notes alpha_checklist

(Maybe I'm being bad talking about these pre-M2.  But I'll forget if I
don't bring them up now.)

Ben committed:

>      We need a security architecture that:
>         * will take advantage of Apache

I assume you mean take advantage of Apache from an authentication
perspective.  I'm not convinced we should be taking advantage of it
for authorization ("how ACLs should work"), both because it's not a
good match and because we probably want our authorization model to be
independent of how the repository is accessed.

>         * fits well with the Sourcecast 2.0 framework

This makes me nervous from a "who is driving the design" perspective.

Also, is anyone thinking about versioning of symlinks?

Re: CVS update: subversion/notes alpha_checklist

Posted by Ben Collins-Sussman <su...@newton.ch.collab.net>.

Greg Hudson <gh...@MIT.EDU> writes:

> (Maybe I'm being bad talking about these pre-M2.  But I'll forget if I
> don't bring them up now.)
> 
> Ben committed:
> 
> >      We need a security architecture that:
> >         * will take advantage of Apache
> 
> I assume you mean take advantage of Apache from an authentication
> perspective.  I'm not convinced we should be taking advantage of it
> for authorization ("how ACLs should work"), both because it's not a
> good match and because we probably want our authorization model to be
> independent of how the repository is accessed.

Yes, definitely.

> 
> >         * fits well with the Sourcecast 2.0 framework
> 
> This makes me nervous from a "who is driving the design" perspective.

We need an authorization system that is general enough that anyone can
use it.  Maybe this means ACLs in the filesystem, maybe not.  But yes,
Collabnet wants to be able to authorize fs actions against a SQL
database -- it's no big secret, and Collabnet will probably develop
the plugin as a side-project.  No big deal.

But if you're worried about conflict-of-interest issues, don't be.
Collabnet is pretty smart about open source development methodology. :)

(IOW, Collabnet knows not to annoy the svn community, lest it go off
and fork a new project!)

> 
> Also, is anyone thinking about versioning of symlinks?

I think this is post-1.0, not sure.