Hi, Well, as this is actually something that the SCM itself allows, I would consider just forbidding on my svn server.
This might be an interesting evolution though to be able to enforce this at the maven-release-plugin (though unlikely to happen often since the three usual commits actually happen very close to each others). Cheers 2013/8/5 Nathan Coast <[email protected]> > Classification: Public > > Hi all, > > As SVN tags are simply a convention overlayed on top of SVN directories, > SVN tags are therefore mutable. This opens the possibility that someone > could inject code to a tag between the release:prepare and the > release:perform phases. > > This would mean that the code checked out during release perform phase > could be different from the code which was originally tagged. > > To close this potential loophole, I'm considering this solution: > 1) Modify the behaviour within > org.apache.maven.scm.provider.svn.svnjava.command.tag.SvnTagCommand to > return the tag revision number via TagScmResult > 2) Write the result to release.properties > 3) Utilise the revision number within the checkout command (tag plus > revision#) > > Does anyone have any alternate suggestion for how to solve this? > > Regards, > Nathan > > > > > --- > > This e-mail may contain confidential and/or privileged information. If you > are not the intended recipient (or have received this e-mail in error) > please notify the sender immediately and delete this e-mail. Any > unauthorized copying, disclosure or distribution of the material in this > e-mail is strictly forbidden. > > Please refer to http://www.db.com/en/content/eu_disclosures.htm for > additional EU corporate and regulatory disclosures. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > -- > Baptiste <Batmat> MATHUS - http://batmat.net > Sauvez un arbre, > Mangez un castor ! nbsp;! <[email protected]>
