On Tue, Dec 21, 2010 at 10:59 AM, David Aldrich <[email protected]> wrote: > Thanks for your help. Yes, the branches, tags, and trunk directories are at > the root. In your suggestion, I am worried that a developer might create a > branch containing ConfidentialFolder in /branches rather than in > /branches/ConfidentialBranches, by mistake. Do you agree that is a problem?
Sure, that's a possible issue. One of the biggest problems with Subversion is that it is almost impossible to delete any information from the repository. You put in confidential information in the wrong place, and you basically have to do a dump/filter/load to remove it from the repository. To solve this issue, you can create a pre-commit hook that will prevent someone from copying the confidential information project to the plain /branches branch. When a copy is done, svnlook will list where the copy is from, and your hook can intercept this information. I don't think my kitchen-sink pre-commit hook can be configured to prevent this from happening. My script can prevent particular people from creating a tag or branch, but never looks at the "to" information. You'll have to write your own hook script. Fortunately, it isn't too difficult -- especially since you're just checking for a very simple thing. Do you see an "A' transaction where the from is from the confidential directory and the "to" is to the branches directory? If so, fail the transaction. -- David Weintraub [email protected]
