Searching for build.xml

[Conor MacNeill <co...@cortexebusiness.com.au>]

As you may recall I expressed some reservations about the feature introduced
in ant 1.2 whereby ant will search up the directory tree for a build.xml
file

I recently asked my sysadmin to install ant 1.2 on our Unix system and,
after reading the release notes, he sent me a colourful email, attached
below.

Dose anyone else, or their sysadmins, think this is a problem?

Thoughts?

Conor


> It is not reasonable to assume a user has control of parent directories
> as you move towards the root, so you get security issues (potentially),
> performance issues (potentially, haven't these guys heard of NFS?) and
> unexpected behaviour in multi level source trees (most probable - 95%
> of confusion/complaints will come from there).
>
> I can't think of a good reason for it, if you really needed to run
> higher level ant files you'd have ant -f ../../build.xml
>
> I've neve seen a piece of userland software (of its
> own accord) investigate much past ".." or "../somedir".
>
> If they insisit on having it as a feature, it'd be quite useful to
>
> 	a. allow the sane to disable the feature with a command line
> 	   switch (an environment variable is probably too subtle)
>
> 	b. make sure we only ever used a patched version in the office
> 	   so it never bites us
>

--
Conor MacNeill
conor@cortexebusiness.com.au
Cortex eBusiness
http://www.cortexebusiness.com.au

Re: Searching for build.xml

[Steve Loughran <st...@iseran.com>]

----- Original Message -----
From: "Conor MacNeill" <co...@cortexebusiness.com.au>
To: "Ant-Dev" <an...@jakarta.apache.org>
Sent: Wednesday, November 01, 2000 11:02 PM
Subject: Searching for build.xml


> As you may recall I expressed some reservations about the feature
introduced
> in ant 1.2 whereby ant will search up the directory tree for a build.xml
> file
>
> I recently asked my sysadmin to install ant 1.2 on our Unix system and,
> after reading the release notes, he sent me a colourful email, attached
> below.
>
> Dose anyone else, or their sysadmins, think this is a problem?

I've had a bad experience with the autosearch function where I had stuck a
build.xml file in c:\ as some interim place to stick things some months ago.

Then sometime this week I type and and it finds that file and runs with it
because I am not quite in the place I think I am. No harm was done this
time, but it gave me a bit of a scare.

In a multiuser environment if someone could sneak in a build.xml upstream
then a user could perhaps be engineered into running a potentially
destructive build file. This isnt likely (you need an odd combination of
rights to make it worthwhile), but conceivable

At the same time, it is slightly handy.

> > a. allow the sane to disable the feature with a command line
> >    switch (an environment variable is probably too subtle)

I think a better approach than a 'search up by default' would be to have the
search disabled by default, with a -search argument to turn it on (perhaps
including number of parent searches).

-steve

Re: Searching for build.xml

[Peter Donald <do...@apache.org>]

At 06:02  2/11/00 +1100, you wrote:
>As you may recall I expressed some reservations about the feature introduced
>in ant 1.2 whereby ant will search up the directory tree for a build.xml
>file
>
>I recently asked my sysadmin to install ant 1.2 on our Unix system and,
>after reading the release notes, he sent me a colourful email, attached
>below.
>
>Dose anyone else, or their sysadmins, think this is a problem?

yep ;)
I agree it is useful (reduced the size of my elisp code heaps) but I never
felt comfortable with it.

Cheers,

Pete

*------------------------------------------------------*
| "Nearly all men can stand adversity, but if you want |
| to test a man's character, give him power."          |
|       -Abraham Lincoln                               |
*------------------------------------------------------*