On 25.07.2018 08:21, Daniel Shahaf wrote: > Philip Martin wrote on Tue, 24 Jul 2018 23:37 +0100: >> Branko Čibej <br...@apache.org> writes: >>> It describes designed behaviour. If we change it, we should do it >>> carefully, as I wrote above. Also I think it turns out that the authz >>> section in the release notes misses a behaviour change or two. It should >>> probably include the whole Inheritance and Disambiguation list, however >>> we end up changing it. >> The most important thing is to document the change in behaviour of the >> non-glob rules between 1.9 and 1.10. >> > +1; we should document any incompatible changes (regardless of whether > they were intentional or not). > >> The problem I have is that I still don't know if the changes are >> intentional. Of these undocumented (in the release notes) changes there >> is one that appears to be intentional and two that could be accidental. >> At least the first, intentional, change produces a run-time error if it >> occurs, the other two just lead to different access being granted, one >> less access the other more access. Anyone using a non-trivial authz >> file in 1.9 has to be very careful upgrading to 1.10. >> > Sounds like we should encourage people to write unit tests for their > authz files. This would be fairly easy to implement using 'svnauthz > accessof'. We could ship something in tools/ that takes two > inputs, an authz file and a set of expectations, and validates the authz > file against the expectations.
I think serious admins already do this :) But sure, if someone has the time and inclination to write such tools, they'll surely be useful. -- Brane
