Re: Branching Questions
On Sat, Jul 2, 2011 at 5:17 PM, Daniel Shahaf wrote: > Could you please be more precise? svn+ssh:// is completely fine (if you > configure authorized_keys(5) correctly), it's admins who give their > users filesystem write access to the repository directory who are the > problem. I consider svn+ssh the closest thing to remotely securable access for Subversion. I didn't mean to deprecate it in any way. I may have misunderstood the phrase "possibly some Apache configuration tweaks" to mean doing path based control on the Apache server side. This is surprisingly common: I've been forced to use it several times for employers. The problem is that if it's done purely in the Apache configuration, that access control will have no affect on file:// or svn+ssh:// based access, and this is actually what the "Subversion Red Book" describes. svnserve path based access control, which is what svn+ssh uses, is entirely distinct from Apache access control in the examples. I've not personally used both at the same time because the security model winds up very confused. Getting Subversion services under "suexec" doesn't work, and putting in authorized_keys for the apache daemon owner gets... crazy making. So you wind up doing things like common group ownership and sgid directory settings, which are *not* propagated by svnadmin hotcopy. So running both access methods at the same time, with anything other than read-only public access for the Apache service, gets nutty.
Re: Branching Questions
Could you please be more precise? svn+ssh:// is completely fine (if you configure authorized_keys(5) correctly), it's admins who give their users filesystem write access to the repository directory who are the problem. Nico Kadel-Garcia wrote on Sat, Jul 02, 2011 at 11:59:44 -0400: > On Fri, Jul 1, 2011 at 11:26 AM, Geoff Hoffman > wrote: > > > >> 3. What is the best way to lock the Trunk so only certain users can access > >> it, using Hook Script or using admin tool? > > > > > >> > >> use Subversion's built-in path-based authorization or > >> possibly some Apache configuration tweaks > > > > > > I just followed this guide yesterday, coincidentally, and it worked > > perfectly > > http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/ > > > > Not that it's utterly useless for file:/// or svn_ssh:/// based > access, and if you support those separate access methods in parallel > or instead of HTTP/WebDAV based access, you'll need to rethink your > acess control.
Re: Branching Questions
On Fri, Jul 1, 2011 at 11:26 AM, Geoff Hoffman wrote: > >> 3. What is the best way to lock the Trunk so only certain users can access >> it, using Hook Script or using admin tool? > > >> >> use Subversion's built-in path-based authorization or >> possibly some Apache configuration tweaks > > > I just followed this guide yesterday, coincidentally, and it worked > perfectly > http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/ > Not that it's utterly useless for file:/// or svn_ssh:/// based access, and if you support those separate access methods in parallel or instead of HTTP/WebDAV based access, you'll need to rethink your acess control.
Re: Branching Questions
On 7/1/2011 11:26 AM, Geoff Hoffman wrote: 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? use Subversion's built-in path-based authorization or possibly some Apache configuration tweaks I just followed this guide yesterday, coincidentally, and it worked perfectly http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/ After getting the question clarified the customer was not using the word "lock" properly. We have an extensive ACL (one only for several hundred Repositories) and just about every access scenario down to the file level., so in this particular case there is no issue, as we are well versed in Apache and Subversion authz in combination with LDAP and the svn access file. thanks for you responses
Re: Branching Questions
On 7/1/2011 9:57 AM, Andy Levy wrote: Please stop top-posting. The convention on this mailing list is to bottom- or inline-post, and quote the relevant portions you're responding to. On Fri, Jul 1, 2011 at 09:43, Phil Pinkerton wrote: Interesting, Can you (or anyone else) provide a few scenario examples from your experience (not related to horses and besides those given in the svnbook.red-bean)? What are you looking for, exactly? If you need to restrict all access to a path, including read access, then you need to use Subversion's built-in path-based authorization or possibly some Apache configuration tweaks. The links you were given describe this very well - it's up to you to read& understand how they apply to your environment. If you need to restrict write access, you can use path-based authorization or a hook script. One script commonly used for this is svnperms.py svnperms.py requires more setup, but allows for wildcards and finer-grained control. If you're asking someone to show you a reference implementation, everyone's implementation of access control is a little different; it's best if you understand *how* it works and then how you can apply it to your environment. On 7/1/2011 8:11 AM, Tony Sweeney wrote: Sorry, that's a common British idiom which obviously doesn't travel. Racehorses vary in strength, speed, stamina and temperament; some race horses do better in "heavier going" (i.e. a softer, muddier track), some race faster on a dry course, and of course racecourses vary in length. So there's no single answer to "which is the best horse", as there are "horses for courses". Makes sense now? Which approach you take to (3) depends on the existing customer set up. There are a number of tradeoffs, so there's no single right answer. Tony. -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 12:45 To: Tony Sweeney Cc: Subversion User List Subject: Re: Branching Questions Thanks for the quick response. However I have no clue what you mean by Horses for courses. and I certainly cannot reply to my clients question with such an answer. On 7/1/2011 7:03 AM, Tony Sweeney wrote: -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 11:58 To: Subversion User List Subject: Branching Questions 1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? It won't 2. There is no limit on number of branches you can create, is this true ? Effectively. 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Horses for courses. Phil __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 I have reset Lanikai to use "bottom" reply. thanks for the reminder
Re: Branching Questions
> 3. What is the best way to lock the Trunk so only certain users can access > it, using Hook Script or using admin tool? > use Subversion's built-in path-based authorization or > possibly some Apache configuration tweaks I just followed this guide yesterday, coincidentally, and it worked perfectly http://davidwinter.me/articles/2006/03/03/access-control-for-subversion-with-apache2-and-authz/
RE: Branching Questions
-Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 15:50 To: Andy Levy Cc: Tony Sweeney; Subversion User List Subject: Re: Branching Questions On 7/1/2011 9:57 AM, Andy Levy wrote: > Please stop top-posting. > I was simply following the responce format to my orignial email, I understand about bottom response, but thing change so I just followed what I recieved. Which was, in fact, my fault, as I thought I was replying only to Phil. (I would blame Outlook, which is what my employer provides, but a bad workman &c.). Tony. __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11
Re: Branching Questions
On 7/1/2011 9:57 AM, Andy Levy wrote: Please stop top-posting. The convention on this mailing list is to bottom- or inline-post, and quote the relevant portions you're responding to. On Fri, Jul 1, 2011 at 09:43, Phil Pinkerton wrote: Interesting, Can you (or anyone else) provide a few scenario examples from your experience (not related to horses and besides those given in the svnbook.red-bean)? What are you looking for, exactly? If you need to restrict all access to a path, including read access, then you need to use Subversion's built-in path-based authorization or possibly some Apache configuration tweaks. The links you were given describe this very well - it's up to you to read& understand how they apply to your environment. If you need to restrict write access, you can use path-based authorization or a hook script. One script commonly used for this is svnperms.py svnperms.py requires more setup, but allows for wildcards and finer-grained control. If you're asking someone to show you a reference implementation, everyone's implementation of access control is a little different; it's best if you understand *how* it works and then how you can apply it to your environment. On 7/1/2011 8:11 AM, Tony Sweeney wrote: Sorry, that's a common British idiom which obviously doesn't travel. Racehorses vary in strength, speed, stamina and temperament; some race horses do better in "heavier going" (i.e. a softer, muddier track), some race faster on a dry course, and of course racecourses vary in length. So there's no single answer to "which is the best horse", as there are "horses for courses". Makes sense now? Which approach you take to (3) depends on the existing customer set up. There are a number of tradeoffs, so there's no single right answer. Tony. -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 12:45 To: Tony Sweeney Cc: Subversion User List Subject: Re: Branching Questions Thanks for the quick response. However I have no clue what you mean by Horses for courses. and I certainly cannot reply to my clients question with such an answer. On 7/1/2011 7:03 AM, Tony Sweeney wrote: -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 11:58 To: Subversion User List Subject: Branching Questions 1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? It won't 2. There is no limit on number of branches you can create, is this true ? Effectively. 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Horses for courses. Phil __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 I was simply following the responce format to my orignial email, I understand about bottom response, but thing change so I just followed what I recieved.
Re: Branching Questions
I suppose the question was a bit ambiguous, I see your point I'll ask for clarity. On 7/1/2011 9:57 AM, Andy Levy wrote: Please stop top-posting. The convention on this mailing list is to bottom- or inline-post, and quote the relevant portions you're responding to. On Fri, Jul 1, 2011 at 09:43, Phil Pinkerton wrote: Interesting, Can you (or anyone else) provide a few scenario examples from your experience (not related to horses and besides those given in the svnbook.red-bean)? What are you looking for, exactly? If you need to restrict all access to a path, including read access, then you need to use Subversion's built-in path-based authorization or possibly some Apache configuration tweaks. The links you were given describe this very well - it's up to you to read& understand how they apply to your environment. If you need to restrict write access, you can use path-based authorization or a hook script. One script commonly used for this is svnperms.py svnperms.py requires more setup, but allows for wildcards and finer-grained control. If you're asking someone to show you a reference implementation, everyone's implementation of access control is a little different; it's best if you understand *how* it works and then how you can apply it to your environment. On 7/1/2011 8:11 AM, Tony Sweeney wrote: Sorry, that's a common British idiom which obviously doesn't travel. Racehorses vary in strength, speed, stamina and temperament; some race horses do better in "heavier going" (i.e. a softer, muddier track), some race faster on a dry course, and of course racecourses vary in length. So there's no single answer to "which is the best horse", as there are "horses for courses". Makes sense now? Which approach you take to (3) depends on the existing customer set up. There are a number of tradeoffs, so there's no single right answer. Tony. -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 12:45 To: Tony Sweeney Cc: Subversion User List Subject: Re: Branching Questions Thanks for the quick response. However I have no clue what you mean by Horses for courses. and I certainly cannot reply to my clients question with such an answer. On 7/1/2011 7:03 AM, Tony Sweeney wrote: -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 11:58 To: Subversion User List Subject: Branching Questions 1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? It won't 2. There is no limit on number of branches you can create, is this true ? Effectively. 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Horses for courses. Phil __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11
Re: Branching Questions
Please stop top-posting. The convention on this mailing list is to bottom- or inline-post, and quote the relevant portions you're responding to. On Fri, Jul 1, 2011 at 09:43, Phil Pinkerton wrote: > Interesting, > > Can you (or anyone else) provide a few scenario examples from your > experience (not related to horses and besides those given in the > svnbook.red-bean)? What are you looking for, exactly? If you need to restrict all access to a path, including read access, then you need to use Subversion's built-in path-based authorization or possibly some Apache configuration tweaks. The links you were given describe this very well - it's up to you to read & understand how they apply to your environment. If you need to restrict write access, you can use path-based authorization or a hook script. One script commonly used for this is svnperms.py svnperms.py requires more setup, but allows for wildcards and finer-grained control. If you're asking someone to show you a reference implementation, everyone's implementation of access control is a little different; it's best if you understand *how* it works and then how you can apply it to your environment. > On 7/1/2011 8:11 AM, Tony Sweeney wrote: >> >> Sorry, that's a common British idiom which obviously doesn't travel. >> Racehorses vary in strength, speed, stamina and temperament; some race >> horses do better in "heavier going" (i.e. a softer, muddier track), some >> race faster on a dry course, and of course racecourses vary in length. >> So there's no single answer to "which is the best horse", as there are >> "horses for courses". Makes sense now? Which approach you take to (3) >> depends on the existing customer set up. There are a number of >> tradeoffs, so there's no single right answer. >> >> Tony. >> >> -----Original Message- >> From: Phil Pinkerton [mailto:pcpinker...@gmail.com] >> Sent: 01 July 2011 12:45 >> To: Tony Sweeney >> Cc: Subversion User List >> Subject: Re: Branching Questions >> >> Thanks for the quick response. >> >> However I have no clue what you mean by Horses for courses. >> >> and I certainly cannot reply to my clients question with such an answer. >> >> On 7/1/2011 7:03 AM, Tony Sweeney wrote: >>> >>> -Original Message- >>> From: Phil Pinkerton [mailto:pcpinker...@gmail.com] >>> Sent: 01 July 2011 11:58 >>> To: Subversion User List >>> Subject: Branching Questions >>> >>> >>> 1. We are creating branch out of previous branch, if we want to delete >>> a old branch or archive it how it will impact the current branch ? >>> >>> It won't >>> >>> 2. There is no limit on number of branches you can create, is this >>> true ? >>> >>> Effectively. >>> >>> 3. What is the best way to lock the Trunk so only certain users can >>> access it, using Hook Script or using admin tool? >>> >>> Horses for courses. >>> >>> >>> Phil >>> >>> >>> __ >>> This email has been scanned by the MessageLabs Email Security System. >>> For more information please visit http://www.messagelabs.com/email >>> __ >>> >>> - >>> No virus found in this message. >>> Checked by AVG - www.avg.com >>> Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: >>> 06/30/11 >>> >> __ >> This email has been scanned by the MessageLabs Email Security System. >> For more information please visit http://www.messagelabs.com/email >> __ >> >> - >> No virus found in this message. >> Checked by AVG - www.avg.com >> Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 >> >
Re: Branching Questions
Interesting, Can you (or anyone else) provide a few scenario examples from your experience (not related to horses and besides those given in the svnbook.red-bean)? On 7/1/2011 8:11 AM, Tony Sweeney wrote: Sorry, that's a common British idiom which obviously doesn't travel. Racehorses vary in strength, speed, stamina and temperament; some race horses do better in "heavier going" (i.e. a softer, muddier track), some race faster on a dry course, and of course racecourses vary in length. So there's no single answer to "which is the best horse", as there are "horses for courses". Makes sense now? Which approach you take to (3) depends on the existing customer set up. There are a number of tradeoffs, so there's no single right answer. Tony. -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 12:45 To: Tony Sweeney Cc: Subversion User List Subject: Re: Branching Questions Thanks for the quick response. However I have no clue what you mean by Horses for courses. and I certainly cannot reply to my clients question with such an answer. On 7/1/2011 7:03 AM, Tony Sweeney wrote: -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 11:58 To: Subversion User List Subject: Branching Questions 1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? It won't 2. There is no limit on number of branches you can create, is this true ? Effectively. 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Horses for courses. Phil __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11 __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11
RE: Branching Questions
Sorry, that's a common British idiom which obviously doesn't travel. Racehorses vary in strength, speed, stamina and temperament; some race horses do better in "heavier going" (i.e. a softer, muddier track), some race faster on a dry course, and of course racecourses vary in length. So there's no single answer to "which is the best horse", as there are "horses for courses". Makes sense now? Which approach you take to (3) depends on the existing customer set up. There are a number of tradeoffs, so there's no single right answer. Tony. -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 12:45 To: Tony Sweeney Cc: Subversion User List Subject: Re: Branching Questions Thanks for the quick response. However I have no clue what you mean by Horses for courses. and I certainly cannot reply to my clients question with such an answer. On 7/1/2011 7:03 AM, Tony Sweeney wrote: > > > -Original Message- > From: Phil Pinkerton [mailto:pcpinker...@gmail.com] > Sent: 01 July 2011 11:58 > To: Subversion User List > Subject: Branching Questions > > > 1. We are creating branch out of previous branch, if we want to delete > a old branch or archive it how it will impact the current branch ? > > It won't > > 2. There is no limit on number of branches you can create, is this > true ? > > Effectively. > > 3. What is the best way to lock the Trunk so only certain users can > access it, using Hook Script or using admin tool? > > Horses for courses. > > > Phil > > > __ > This email has been scanned by the MessageLabs Email Security System. > For more information please visit http://www.messagelabs.com/email > __ > > - > No virus found in this message. > Checked by AVG - www.avg.com > Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: > 06/30/11 > __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11
Re: Branching Questions
Guten Tag Phil Pinkerton, am Freitag, 1. Juli 2011 um 12:58 schrieben Sie: > 3. What is the best way to lock the Trunk so only certain users can > access it, using Hook Script or using admin tool? This depends on what you mean with locking. Do you mean the subversion way as in [1] or access rights? In the latter [2] and [3] for path bases authorization should help you. [1]: http://svnbook.red-bean.com/nightly/en/svn.advanced.locking.html [2]: http://svnbook.red-bean.com/nightly/en/svn.serverconfig.svnserve.html#svn.serverconfig.svnserve.auth.general [3]: http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html Mit freundlichen Grüßen, Thorsten Schöning -- Thorsten Schöning AM-SoFT IT-Systeme - Hameln | Potsdam | Leipzig Telefon: Potsdam: 0331-743881-0 E-Mail: tschoen...@am-soft.de Web: http://www.am-soft.de AM-SoFT GmbH IT-Systeme, Konsumhof 1-5, 14482 Potsdam Amtsgericht Potsdam HRB 21278 P, Geschäftsführer: Andreas Muchow
Re: Branching Questions
Thanks for the quick response. However I have no clue what you mean by Horses for courses. and I certainly cannot reply to my clients question with such an answer. On 7/1/2011 7:03 AM, Tony Sweeney wrote: -Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 11:58 To: Subversion User List Subject: Branching Questions 1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? It won't 2. There is no limit on number of branches you can create, is this true ? Effectively. 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Horses for courses. Phil __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11
RE: Branching Questions
-Original Message- From: Phil Pinkerton [mailto:pcpinker...@gmail.com] Sent: 01 July 2011 11:58 To: Subversion User List Subject: Branching Questions 1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? It won't 2. There is no limit on number of branches you can create, is this true ? Effectively. 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Horses for courses. Phil __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - No virus found in this message. Checked by AVG - www.avg.com Version: 10.0.1388 / Virus Database: 1516/3736 - Release Date: 06/30/11
Branching Questions
1. We are creating branch out of previous branch, if we want to delete a old branch or archive it how it will impact the current branch ? 2. There is no limit on number of branches you can create, is this true ? 3. What is the best way to lock the Trunk so only certain users can access it, using Hook Script or using admin tool? Phil