Re: Authz on Collection of Repositories

2013-01-16 Thread Thomas Åkesson
Hi Ivan, I committed to drafting some change notes for this change quite some time ago. - Below is a draft of a section to include in Release Notes. I suggest just after In repository authz. - Patch contains line for CHANGES - Patch contains clarification and new example for mod_authz_svn

Re: Authz on Collection of Repositories

2013-01-16 Thread C. Michael Pilato
On 01/16/2013 01:54 PM, Thomas Åkesson wrote: Hi Ivan, I committed to drafting some change notes for this change quite some time ago. - Below is a draft of a section to include in Release Notes. I suggest just after In repository authz. - Patch contains line for CHANGES - Patch contains

Re: Authz on Collection of Repositories

2013-01-16 Thread Thomas Åkesson
On 16 jan 2013, at 20:15, C. Michael Pilato wrote: On 01/16/2013 01:54 PM, Thomas Åkesson wrote: Hi Ivan, I committed to drafting some change notes for this change quite some time ago. - Below is a draft of a section to include in Release Notes. I suggest just after In repository

Re: Authz on Collection of Repositories

2013-01-16 Thread C. Michael Pilato
On 01/16/2013 02:27 PM, Thomas Åkesson wrote: On 16 jan 2013, at 20:15, C. Michael Pilato wrote: On 01/16/2013 01:54 PM, Thomas Åkesson wrote: Hi Ivan, I committed to drafting some change notes for this change quite some time ago. - Below is a draft of a section to include in Release

Re: Authz on Collection of Repositories

2013-01-16 Thread Thomas Åkesson
On 16 jan 2013, at 20:44, C. Michael Pilato wrote: On 01/16/2013 02:27 PM, Thomas Åkesson wrote: On 16 jan 2013, at 20:15, C. Michael Pilato wrote: On 01/16/2013 01:54 PM, Thomas Åkesson wrote: Hi Ivan, I committed to drafting some change notes for this change quite some time ago.

Re: Authz on Collection of Repositories

2013-01-16 Thread C. Michael Pilato
On 01/16/2013 03:07 PM, Thomas Åkesson wrote: I think you have improved this complicated piece. Good, 'cause that's what I committed. :-) Btw, I tried to convey the difficulty of combining Anonymous and authenticated access (you wrote about that long ago) in the Note under Example 2. Hope

Re: Authz on Collection of Repositories

2012-11-14 Thread Ivan Zhakov
On Mon, Nov 12, 2012 at 4:23 PM, Ivan Zhakov i...@visualsvn.com wrote: On Mon, Nov 12, 2012 at 2:28 AM, Thomas Åkesson thomas.akes...@simonsoft.se wrote: On 9 nov 2012, at 18:45, Ivan Zhakov wrote: On Thu, Nov 8, 2012 at 6:49 PM, Thomas Åkesson thomas.akes...@simonsoft.se wrote:

Re: Authz on Collection of Repositories

2012-11-14 Thread Thomas Åkesson
On 14 nov 2012, at 11:53, Ivan Zhakov i...@visualsvn.com wrote: Confirmed as far as my testing goes (did not test short_circuit). I suggest committing the patch with GET subrequest and potentially change all to HEAD in a separate commit if there is consensus. Committed in r1408184. I doubt

Re: Authz on Collection of Repositories

2012-11-12 Thread Ivan Zhakov
On Mon, Nov 12, 2012 at 2:28 AM, Thomas Åkesson thomas.akes...@simonsoft.se wrote: On 9 nov 2012, at 18:45, Ivan Zhakov wrote: On Thu, Nov 8, 2012 at 6:49 PM, Thomas Åkesson thomas.akes...@simonsoft.se wrote: Parentpath on /svn/ and Satisfy Any: - Access without auth displays repositories

Re: Authz on Collection of Repositories

2012-11-11 Thread Thomas Åkesson
On 9 nov 2012, at 18:45, Ivan Zhakov wrote: On Thu, Nov 8, 2012 at 6:49 PM, Thomas Åkesson thomas.akes...@simonsoft.se wrote: Parentpath on /svn/ and Satisfy Any: - Access without auth displays repositories with anonymous access, auth is not requested. - Access with auth displays

Re: Authz on Collection of Repositories

2012-11-09 Thread Ivan Zhakov
On Thu, Nov 8, 2012 at 6:49 PM, Thomas Åkesson thomas.akes...@simonsoft.se wrote: On 5 nov 2012, at 00:21, Thomas Åkesson wrote: Hi Thomas, Thank you for comprehensive testing! See my reply inline. I have meant to set up a test server with our reference configuration to validate the patch

Re: Authz on Collection of Repositories

2012-11-08 Thread Thomas Åkesson
On 5 nov 2012, at 09:11, Branko Čibej wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not

Re: Authz on Collection of Repositories

2012-11-08 Thread Thomas Åkesson
On 5 nov 2012, at 00:21, Thomas Åkesson wrote: I have meant to set up a test server with our reference configuration to validate the patch under realistic circumstances. Unfortunately, the SLES activation servers have been down for several hours (we don't have dev tools on our VM

Content-Length in HEAD responses (was: Re: Authz on Collection of Repositories)

2012-11-08 Thread Daniel Shahaf
Thomas Åkesson wrote on Thu, Nov 08, 2012 at 15:15:03 +0100: On 5 nov 2012, at 09:11, Branko Čibej wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that

Re: Authz on Collection of Repositories

2012-11-05 Thread Branko Čibej
On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories

Re: Authz on Collection of Repositories

2012-11-05 Thread Mark Phippard
On Nov 5, 2012, at 3:11 AM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in

Re: Authz on Collection of Repositories

2012-11-05 Thread Branko Čibej
On 05.11.2012 12:02, Mark Phippard wrote: On Nov 5, 2012, at 3:11 AM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that

Re: Authz on Collection of Repositories

2012-11-05 Thread Ivan Zhakov
On Mon, Nov 5, 2012 at 12:11 PM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in

Re: Authz on Collection of Repositories

2012-11-05 Thread Lieven Govaerts
On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard markp...@gmail.com wrote: On Nov 5, 2012, at 3:11 AM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I

Re: Authz on Collection of Repositories

2012-11-05 Thread Lieven Govaerts
On Mon, Nov 5, 2012 at 1:15 PM, Ivan Zhakov i...@visualsvn.com wrote: On Mon, Nov 5, 2012 at 12:11 PM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I

Re: Authz on Collection of Repositories

2012-11-05 Thread Mark Phippard
On Mon, Nov 5, 2012 at 8:01 AM, Lieven Govaerts l...@mobsol.be wrote: On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard markp...@gmail.com wrote: On Nov 5, 2012, at 3:11 AM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just

Re: Authz on Collection of Repositories

2012-11-05 Thread Mark Phippard
On Mon, Nov 5, 2012 at 8:07 AM, Mark Phippard markp...@gmail.com wrote: On Mon, Nov 5, 2012 at 8:01 AM, Lieven Govaerts l...@mobsol.be wrote: On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard markp...@gmail.com wrote: On Nov 5, 2012, at 3:11 AM, Branko Čibej br...@wandisco.com wrote: On

Re: Authz on Collection of Repositories

2012-11-05 Thread Mark Phippard
On Mon, Nov 5, 2012 at 8:12 AM, Mark Phippard markp...@gmail.com wrote: On Mon, Nov 5, 2012 at 8:07 AM, Mark Phippard markp...@gmail.com wrote: On Mon, Nov 5, 2012 at 8:01 AM, Lieven Govaerts l...@mobsol.be wrote: On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard markp...@gmail.com wrote: On Nov

Re: Authz on Collection of Repositories

2012-11-05 Thread Lieven Govaerts
Mark, On Mon, Nov 5, 2012 at 2:12 PM, Mark Phippard markp...@gmail.com wrote: On Mon, Nov 5, 2012 at 8:07 AM, Mark Phippard markp...@gmail.com wrote: On Mon, Nov 5, 2012 at 8:01 AM, Lieven Govaerts l...@mobsol.be wrote: On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard markp...@gmail.com wrote:

Re: Authz on Collection of Repositories

2012-11-05 Thread Ivan Zhakov
On Mon, Nov 5, 2012 at 5:06 PM, Lieven Govaerts l...@mobsol.be wrote: On Mon, Nov 5, 2012 at 1:15 PM, Ivan Zhakov i...@visualsvn.com wrote: On Mon, Nov 5, 2012 at 12:11 PM, Branko Čibej br...@wandisco.com wrote: On 05.11.2012 00:21, Thomas Åkesson wrote: I did some tests with curl --head just

Re: Authz on Collection of Repositories

2012-11-04 Thread Thomas Åkesson
Thanks Ivan for your work. I have very little experience with the svn codebase so my review is probably not very valuable. Anyway, looks good to me. I have meant to set up a test server with our reference configuration to validate the patch under realistic circumstances. Unfortunately, the SLES

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-11-02 Thread Ivan Zhakov
On Tue, Oct 23, 2012 at 4:23 PM, C. Michael Pilato cmpil...@collab.net wrote: On 10/23/2012 07:24 AM, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 [[[ /* ###

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-11-02 Thread Mark Phippard
On Fri, Nov 2, 2012 at 4:13 AM, Ivan Zhakov i...@visualsvn.com wrote: On Tue, Oct 23, 2012 at 4:23 PM, C. Michael Pilato cmpil...@collab.net wrote: On 10/23/2012 07:24 AM, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-11-02 Thread Ivan Zhakov
On Fri, Nov 2, 2012 at 5:50 PM, Mark Phippard markp...@gmail.com wrote: On Fri, Nov 2, 2012 at 4:13 AM, Ivan Zhakov i...@visualsvn.com wrote: On Tue, Oct 23, 2012 at 4:23 PM, C. Michael Pilato cmpil...@collab.net wrote: On 10/23/2012 07:24 AM, Ivan Zhakov wrote: I'm working on the patch to

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-11-02 Thread Mark Phippard
On Fri, Nov 2, 2012 at 10:09 AM, Ivan Zhakov i...@visualsvn.com wrote: So on a repository like the ASF or Wordpress where there are a lot of top level folders then the server might have to do a fair amount of work to process the request and return. I assume we do not care about the content of

Re: Authz on Collection of Repositories

2012-11-02 Thread C. Michael Pilato
On 11/02/2012 09:50 AM, Mark Phippard wrote: On Fri, Nov 2, 2012 at 4:13 AM, Ivan Zhakov i...@visualsvn.com wrote: Looking forward to your review. Thanks! + /* Build a Public Resource uri representing repository root. */ + uri = svn_urlpath__join(dav_svn__get_root_dir(r), +

Re: Authz on Collection of Repositories

2012-11-02 Thread Branko Čibej
On 02.11.2012 15:25, C. Michael Pilato wrote: On 11/02/2012 09:50 AM, Mark Phippard wrote: On Fri, Nov 2, 2012 at 4:13 AM, Ivan Zhakov i...@visualsvn.com wrote: Looking forward to your review. Thanks! + /* Build a Public Resource uri representing repository root. */ + uri =

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-25 Thread Thomas Åkesson
On 24 Oct 2012, at 15:37, Roderich Schupp wrote: On Wed, Oct 24, 2012 at 6:09 AM, Daniel Shahaf d...@daniel.shahaf.name wrote: Daniel Shahaf wrote on Wed, Oct 24, 2012 at 06:07:45 +0200: I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/' Since I didn't pass -u, in

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-24 Thread Roderich Schupp
On Wed, Oct 24, 2012 at 6:09 AM, Daniel Shahaf d...@daniel.shahaf.name wrote: Daniel Shahaf wrote on Wed, Oct 24, 2012 at 06:07:45 +0200: I can't reproduce this. 'curl -s https://svn.apache.org/repos/private/' Since I didn't pass -u, in both cases I was browsing as an anonymous user. That

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Ivan Zhakov
On Thu, Oct 18, 2012 at 2:06 PM, Thomas Åkesson tho...@akesson.cc wrote: There was a discussion in April 2010 regarding the fix for issue 2753. http://svn.haxx.se/dev/archive-2010-04/0277.shtml [...] During the 2010 discussion Mike suggested something that we (Simonsoft) would be very happy

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread roderich.sch...@gmail.com
I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 Please keep in mind that the problem is not restricted to parent-path collections of repositories: Since SVN 1.7 any user can list the

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread C. Michael Pilato
On 10/23/2012 07:24 AM, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 [[[ /* ### TODO: We could test for readability of the root directory of each

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Ivan Zhakov
On Tue, Oct 23, 2012 at 4:23 PM, C. Michael Pilato cmpil...@collab.net wrote: On 10/23/2012 07:24 AM, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 [[[ /* ###

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Stefan Sperling
On Tue, Oct 23, 2012 at 04:29:51PM +0400, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 [[[ /* ### TODO: We could test for readability of the root

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread C. Michael Pilato
On 10/23/2012 08:48 AM, Stefan Sperling wrote: On Tue, Oct 23, 2012 at 04:29:51PM +0400, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 [[[ /* ### TODO: We could

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Branko Čibej
On 23.10.2012 13:48, Stefan Sperling wrote: On Tue, Oct 23, 2012 at 04:29:51PM +0400, Ivan Zhakov wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 [[[ /* ### TODO: We could test

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Thomas Åkesson
On 23 Oct 2012, at 14:22, roderich.sch...@gmail.com wrote: I'm working on the patch to list only readable repositories. There is already a TODO comment in the code by cmpilato: subversion\mod_dav_svn\repos.c:3461 Thanks Ivan for looking into it. Let's see if it is feasible to address.

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Roderich Schupp
On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson tho...@akesson.cc wrote: Are you saying that SVN 1.7 always allows browsing the root but it is empty when the user lacks authz? Yes - for a standalone repository (i.e. one specified with SVNPath, _not_ with SVNParentPath) Cheers, Roderich

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Daniel Shahaf
Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200: On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson tho...@akesson.cc wrote: Are you saying that SVN 1.7 always allows browsing the root but it is empty when the user lacks authz? Yes - for a standalone repository (i.e. one

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-23 Thread Daniel Shahaf
Daniel Shahaf wrote on Wed, Oct 24, 2012 at 06:07:45 +0200: Roderich Schupp wrote on Wed, Oct 24, 2012 at 00:54:07 +0200: On Wed, Oct 24, 2012 at 12:08 AM, Thomas Åkesson tho...@akesson.cc wrote: Are you saying that SVN 1.7 always allows browsing the root but it is empty when the user

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-22 Thread Thomas Åkesson
To clarify what this issue is about: Subversion 1.7 leaks repository names when configured with SVNListParentPath and AuthzSVNAccessFile. It might have been unintentional, but with Subversion 1.6 (and earlier) it was possible to control access to the repository list (Collection of Repositories)

Re: Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-22 Thread Daniel Shahaf
Thomas Åkesson wrote on Mon, Oct 22, 2012 at 17:20:44 +0200: On 19 Oct 2012, at 02:07, Daniel Shahaf wrote: This is complicated by: - The DAV protocol does not prompt for authentication for resources readable by anonymous (for this, see cmpilato's old foo-no-anon blog post). Hmm,

Authz on Collection of Repositories (was: Expansion of authz policy name leak)

2012-10-18 Thread Thomas Åkesson
to display the repositories where the user has access. Status in Subversion 1.7 - The fix for issue 2753 presumably enables SVNListParentPath to work with authz on server root. By completely removing authz on Collection of Repositories (?). - It is no longer possible to protect Collection