When using svn+ssh://, if the ssh session is killed whilst rep-cache.db
is being written to, then the post-commit hook won't run.

The problem is that a malicious committer could intentionally kill the
ssh session at that point in time, to prevent post-commit emails from
being sent, and so on.

Proof of concept:

% rm -rf r
% svnadmin create r 
% printf '%s\n' '#!/bin/sh' 'touch /tmp/good' > r/hooks/post-commit
% chmod +x r/hooks/post-commit
% rm -f /tmp/good
%
% svnmucc put -mm r/README.txt file://$PWD/r/$RANDOM    # creates rep-cache.db
% rm /tmp/good 
%
% sqlite3 r/db/rep-cache.db
sqlite> begin immediate transaction;
sqlite> ^Z
zsh: suspended  sqlite3 r/db/rep-cache.db
% svnmucc put -mm =(date; echo $RANDOM) svn+ssh://localhost/$PWD/r/$RANDOM
daniel@localhost's password: 
^Z
zsh: suspended  svnmucc put -mm =(date; echo $RANDOM) svn+ssh://localhost/$PWD/r/$RANDOM
% pkill -x ssh 
% rm /tmp/good
rm: cannot remove ‘/tmp/good’: No such file or directory
zsh: exit 1     rm /tmp/good
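
A defensive check for the gap described above, as an added example that is not part of the original message. It assumes the post-commit hook appends its REV argument to a ledger file (a hypothetical convention, as are the function names and path); a periodic audit then lists committed revisions that have no ledger entry.

```sh
#!/bin/sh
# Added example. Assumed convention: hooks/post-commit starts with
#   echo "$2" >> /var/svn/hook-ledger/myrepo    # hypothetical path; $2 is REV

# missing_revs LEDGER YOUNGEST [FIRST]
# Print every revision in FIRST..YOUNGEST that has no ledger entry.
missing_revs() {
    ledger=$1 youngest=$2 first=${3:-1}
    for n in "$youngest" "$first"; do
        case $n in
            ''|*[!0-9]*) echo "missing_revs: bad revision '$n'" >&2; return 2 ;;
        esac
    done
    [ -r "$ledger" ] || ledger=/dev/null    # no ledger yet: all revisions missing
    awk -v first="$first" -v youngest="$youngest" '
        /^[0-9]+$/ { seen[$1 + 0] = 1 }     # skip blank or malformed lines
        END {
            for (r = first; r <= youngest; r++)
                if (!(r in seen)) print r
        }' "$ledger"
}

# audit_repo REPOS LEDGER
# Report commits whose post-commit hook never ran. Returns 0 if there are
# none, 1 if gaps were found, 2 on error.
audit_repo() {
    repos=$1 ledger=$2
    youngest=$(svnlook youngest "$repos") || return 2
    gaps=$(missing_revs "$ledger" "$youngest") || return 2
    [ -z "$gaps" ] && return 0
    for rev in $gaps; do
        printf 'r%s by %s: post-commit hook did not run\n' \
            "$rev" "$(svnlook author -r "$rev" "$repos")"
    done
    return 1
}
```

A commit that is still in flight can briefly show up as a gap, so alert only on revisions that stay missing across two consecutive runs.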
