You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Lev Serebryakov <le...@serebryakov.spb.ru> on 2003/10/27 21:33:06 UTC
ACLs: Full support in file system after 1.0? But wat about tags?
Hello, users! How are you?
It will be nice to see full NTFS-like ACLs in svn filesystem. It
will allow to manage all access rights with `svn' command, from remote
computer, without having access to Apache's configuration or pre-commit
hooks. It will be great, but I understand, that it could wait for
after-1.0 phase.
But one case is important, IMHO. TAGS. Ok, tag is copy of repository
(or project in repository) in `tags' or other `well-known' part of
tree. But tag in SCM, IMHO, should be unchangeable. After tag is
set, no one could change it (ok, no one, but admin, may be). And now
we have tags, which is not technically protected. It is bad, IMHO.
And change Apache's config or pre-commit script after each tag
creation is not good idea too: developer could don't have access to
these files!
May be here is any plans to add a "read-only" mark to repository?
May be via property?
--
Lev Serebryakov
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: Re[2]: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by Sander Striker <st...@apache.org>.
> From: Lev Serebryakov [mailto:lev@serebryakov.spb.ru]
> Sent: Tuesday, October 28, 2003 1:24 PM
> Hello, John!
> Tuesday, October 28, 2003, 2:41:54 PM, you wrote:
>
> JS> You could probably write a pre-commit script that used 'svnlook changed' to
> JS> watch which paths are being modified and fail if a tag is being updated.
> `svnlook changed' works with transactions in process?
Correct.
> JS> I don't think that would be too hard to do. I'd probably work much like
> JS> commit-access-control.pl does now.
> In any case, there are one change operation on `tags' tree:
> creation of new tag. If script could separate two cases: `we crteate
> brand-new subtree of `tags' directory' and `we change something in
> old tag (add new files, too!)', it will work.
It can. It tells you if something was modified/added/deleted.
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re[2]: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by Lev Serebryakov <le...@serebryakov.spb.ru>.
Hello, John!
Tuesday, October 28, 2003, 2:41:54 PM, you wrote:
JS> You could probably write a pre-commit script that used 'svnlook changed' to
JS> watch which paths are being modified and fail if a tag is being updated.
`svnlook changed' works with transactions in process?
JS> I don't think that would be too hard to do. I'd probably work much like
JS> commit-access-control.pl does now.
In any case, there are one change operation on `tags' tree:
creation of new tag. If script could separate two cases: `we crteate
brand-new subtree of `tags' directory' and `we change something in
old tag (add new files, too!)', it will work.
Lev Serebryakov
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by John Szakmeister <jo...@szakmeister.net>.
On Monday 27 October 2003 19:40, kfogel@collab.net wrote:
> Lev Serebryakov <le...@serebryakov.spb.ru> writes:
> > And change Apache's config or pre-commit script after each tag
> > creation is not good idea too: developer could don't have access to
> > these files!
> >
> > May be here is any plans to add a "read-only" mark to repository?
> > May be via property?
>
> We think it's not a crisis, because a change to a tag could be easily
> detected (by 'svn log', or just by reading commit mails) and reverted.
You could probably write a pre-commit script that used 'svnlook changed' to
watch which paths are being modified and fail if a tag is being updated.
I don't think that would be too hard to do. I'd probably work much like
commit-access-control.pl does now.
-John
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re[2]: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by Lev Serebryakov <le...@serebryakov.spb.ru>.
Hello, kfogel!
Tuesday, October 28, 2003, 3:40:57 AM, you wrote:
>> May be here is any plans to add a "read-only" mark to repository?
>> May be via property?
kcn> We think it's not a crisis, because a change to a tag could be easily
kcn> detected (by 'svn log', or just by reading commit mails) and reverted.
ANY change could be detected with `svn log' and reverted. So, we
don't need any ACLs and any fine-grained (more than could do
operation with repo/couldn't even read) access control?
--
Lev Serebryakov
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Re[2]: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by kf...@collab.net.
Lev Serebryakov <le...@serebryakov.spb.ru> writes:
> kcn> We think it's not a crisis, because a change to a tag could be easily
> kcn> detected (by 'svn log', or just by reading commit mails) and reverted.
>
> And what I want to add: if we `notice & revert' changes on tag, here
> will be time gap when automatic build system, customer, user or
> something else could take content tag (release), build software and
> after that we have support nightmare: release, which is not a real
> release :(
I didn't say it was perfect, I just said it wasn't a crisis :-).
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re[2]: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by Lev Serebryakov <le...@serebryakov.spb.ru>.
Hello, kfogel!
Tuesday, October 28, 2003, 3:40:57 AM, you wrote:
>> May be here is any plans to add a "read-only" mark to repository?
>> May be via property?
kcn> We think it's not a crisis, because a change to a tag could be easily
kcn> detected (by 'svn log', or just by reading commit mails) and reverted.
And what I want to add: if we `notice & revert' changes on tag, here
will be time gap when automatic build system, customer, user or
something else could take content tag (release), build software and
after that we have support nightmare: release, which is not a real
release :(
Lev Serebryakov
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by kf...@collab.net.
Lev Serebryakov <le...@serebryakov.spb.ru> writes:
> And change Apache's config or pre-commit script after each tag
> creation is not good idea too: developer could don't have access to
> these files!
>
> May be here is any plans to add a "read-only" mark to repository?
> May be via property?
We think it's not a crisis, because a change to a tag could be easily
detected (by 'svn log', or just by reading commit mails) and reverted.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re[2]: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by Lev Serebryakov <le...@serebryakov.spb.ru>.
Hello, Branko!
Tuesday, October 28, 2003, 1:15:30 AM, you wrote:
BC> Why do you need a read-only bit *in addition* if you can get the same
BC> behaviour with ACLs?
Because `read-only bit' we need before ACLs. ACLs could wait AFTER
1.0 and `read-only' (for tags) should be pre-1.0 feature, _IMHO_
Lev Serebryakov
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: ACLs: Full support in file system after 1.0? But wat about tags?
Posted by Branko Čibej <br...@xbc.nu>.
Lev Serebryakov wrote:
>Hello, users! How are you?
>
> It will be nice to see full NTFS-like ACLs in svn filesystem. It
> will allow to manage all access rights with `svn' command, from remote
> computer, without having access to Apache's configuration or pre-commit
> hooks. It will be great, but I understand, that it could wait for
> after-1.0 phase.
>
> But one case is important, IMHO. TAGS. Ok, tag is copy of repository
> (or project in repository) in `tags' or other `well-known' part of
> tree. But tag in SCM, IMHO, should be unchangeable. After tag is
> set, no one could change it (ok, no one, but admin, may be). And now
> we have tags, which is not technically protected. It is bad, IMHO.
>
> And change Apache's config or pre-commit script after each tag
> creation is not good idea too: developer could don't have access to
> these files!
>
> May be here is any plans to add a "read-only" mark to repository?
> May be via property?
>
>
Why do you need a read-only bit *in addition* if you can get the same
behaviour with ACLs?
--
Brane Čibej <br...@xbc.nu> http://www.xbc.nu/brane/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org