On 10/11/07, Mark Reibert <svn reibert.com> wrote:
> On Thu, 2007-10-11 at 11:09 +1300, Talden wrote:
> > Making it hard doesn't really resolve data-loss
concerns - besides, if
> > the policy is that Subversion should never, ever
lose content then it
> > should probably at least:
> >
> > - Not provide any official means to tamper with
dump-files.
> > - Consider securing dumps with checksums and
providing only binary
> > dumps containing diffs as this complicates any
efforts to tamper with
> > content.
>
> There is no need to protect dumps in this manner. If
they get messed up,
> one can always re-dump the repo as nothing is ever lost
from there. This
> is the crux of the difference between dump-filtering
and obliterating.
>
> Maybe it is a good thing that this effort be difficult.
If an obliterate
> does get implemented, then I hope it is not too easy
either (or at least
> requires some super-duper special privilege).
IIRC, there was talk of making "obliterate" an
svnadmin command, not
part of the svn client itself. The assumption being that
this way, it
would require a level of access to the repository DB that
only the
admin would have.
As was noted yesterday, we're just recycling the same
conversation
that's been had a dozen times on this list already.
------------------------------------------------------------
---------
To unsubscribe, e-mail: users-unsubscribesubversion.tigris.org
For additional commands, e-mail: users-helpsubversion.tigris.org
|