|
||||||||
|
This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira |
||||||||
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
stephenconnolly: consider /trunk/publicproject needs an (svn:externals) to /trunk/sharedlib. The user can then still just add the external definition to /trunk/secretproject and will be able to get the code. You are right where you started before the changes. There is nothing you can do here. IMHO the current behaviour is not adding security but only complexity/obscurity, which is always bad. If you run a public Jenkins instance using a subversion repository with non public code you have to know what you are doing. I think this scenario should be documented on the plug-in page to make sysadmins aware. But I don't think that this is solvable in the plug-in without adding even more complexity.
Maybe it would be better to default "Ignore externals" to "on" and in case the user switches this off notify the user about the possible pitfalls. He can then easily decide to just configure the external explicitly as an additional module.