On Sun, Feb 20, 2011 at 12:36 PM, Daniel creo Haslinger < creo-23985-subvers...@blackmesa.at> wrote:
> I am not sure if it is proper behavior to ignore a whole file instead > of a single misconfigured line. > > Of course there might be some reason to do this I'm not aware of, > but I can't think of one yet :-) > The only problem I can see is it might result in more access than intended. e.g., what if the default is "*=rw", and I do "r=*" in an entry? If it just works, I might not realize right away that all users still have write access. On the other hand, in general the Subversion project maintainers' policy seems to be to discourage use of path-based access control (see the box on http://svnbook.red-bean.com/en/1.5/svn.serverconfig.pathbasedauthz.html), so it's possible you might get some people to agree that having the security "fail open" is desirable here. -- David Brodbeck System Administrator, Linguistics University of Washington
