Les Mikesell wrote on Thu, Aug 19, 2010 at 15:25:51 -0500: > On 8/19/2010 3:13 PM, Daniel Shahaf wrote: >> Let me say that even more clearly: svnrdump is a new CLIENT-SIDE tool. >> It did not change a millimeter in the server code or in the network >> protocols. That severly limits the extent of security issues it can >> introduce. > > I guess it would be the equivalent of svnsync with remote repositories > which just omits the ability to write the intermediate dump format. But, > that brings up the question: are all clients are allowed by the remote > protocol to lie about the author and date? >
Lie? No. But all clients can set the author and date property after the commit. (assuming a pre-revprop-change exists and allows that; that is a precondition for 'svn ps --revprop', 'svnsync', and anything else, to change revprops).
