Re: prevent Linux root from seeing my files
Absolutely NOTHING will work if a person has physical access to the server. You simply have to trust whoever is running the computer for you. How would you know that he did not swap out the entire computer? You'd think your data is encrypted but. What if he has replaced system software or is running a modified copy of SVN that logs everything. Without physical control of the computer anyone can re-boot it from a DVD and do what he wants. So all you can hope for is a "weak lock" that keeps out casual browsing of the files. For that simply use the normal UNIX file permissions. Yes it is easy for root to bypass that but if he is willing to do that then (1) he should be fired on the spot and told to go home without delay. and (2) If he can do a "chmod" he can just as easy to a re-boot to a live CD or modify the SVN \server or whatever. If the files absolutly must be private then simply buy your own computer, they are not expensive. On Mon, Nov 29, 2010 at 10:59 AM, Les Mikesell wrote: > On 11/29/2010 11:21 AM, Piotr Kabaciński wrote: >> >>>> If you are able to create dedicated partition you could encrypt repo >>>> like described here: >>>> http://www.hypersphere.org/personal/svn.shtml >>> >>> With some pretty important drawbacks, the no diff/conflict resolution >>> would be >>> a dealbreaker for me >> >> With encryption on filesystem level files in repo are not saved as >> binary (in terms of svn). Svn with repo works like it works before. >> Drawback is that OS has to compress and decompress file every time you >> need to commit/checkout. >> Diff would be useless if you encrypt every file before commit, and send >> it as binary, and that is not this situation. > > Yes, but the filesystem as mounted with the encryption key would still be > visible to root. > > If you can get another IP address, it might work to run a virtual machine on > the existing hardware under vmware, virtualbox, xen, kvm, etc. You'd need > root support to set it up and root on the host would still be able to shut > down and delete the image, but the virtual machine could have a different > root password and not be directly accessible to root on the host. However > even that would not be completely safe - I think there are some tools that > let you mount virtual machine disk images into a physical machine. > > -- > Les Mikesell > lesmikes...@gmail.com > > > -- = Chris Albertson Redondo Beach, California
Re: prevent Linux root from seeing my files
I think the bottom line here is that your only "for sure" method is to do all the encryption and decryption on your own local computer. But as others have said this means SVN sees only binary blobs. You can not depend on the server unless you completely trust Root. But if you trust him why not simply tell him not to look? With an untrustful Root you can not depend on an encrypted file system on the sever. It would be easy for Root to pach it such that no encryption takes place and you'd never know it was patched. I work with data that can't be shared. As it turns out most of the compromises that occur are human error or procedural problems. and no, you can't depend on people promising to not make mistakes. You have to organized your work and systems so that they are fail safe. One hard and fast rule is to NEVER connect a computer that holds sensitive information to the Internet. Move the data through an "air gap". You have to decide if your data is really that sensitive -- = Chris Albertson Redondo Beach, California
Re: Windows over linux
On Tue, Jan 25, 2011 at 12:43 AM, Oliver Marshall wrote: > Hi, > > > > As far as subversion is concerned, is there any reason to go for one OS over > another when setting up a new subversion server? Are any of the hooks or > features OS dependant? Choose the OS that is the best stabilty nd the best file system performance. That would be Solaris and ZFS. But more people know about Linux so that is what they recommend. But do think about the file system and how you will be able to continue running and not have to re-boot or power down if a drive fails. Lots of ways to handle that. Last I looked (a while back) Windows required a re-boot after almost any trivial change of settings. It would be good if you could add additional storage space or even swap out drive without a re-boot. ZFS is made just for that. Windows is not as nice for remote access. Again because you need to re-boot and of course the re-boot kills the remote link. -- = Chris Albertson Redondo Beach, California
Re: Windows over linux
On Tue, Jan 25, 2011 at 9:24 AM, Andy Levy wrote: > On Tue, Jan 25, 2011 at 11:56, Chris Albertson > wrote: > And if the skillset in your shop is primarily Windows, using Solaris > or Linux would require a lot of expensive training, People who grow up with Windows all remember just how hard it was to learn all the work-around for Windows many quirks and problems. They think it will take years to re-learn that for another OS. No. those other OSes basically "just work". Going from bare hardware (no OS) to a running SVN server under Linux takes about an hour or maybe two and not to many mouse clicks. Most of that time is waiting for the software to download, the SVN software is pulled down from the net and automatically installed when you click the "SVN Server" check box then "install".This is not a high-skill level task, you are not building a three tier web site. -- = Chris Albertson Redondo Beach, California
Re: svn update or rsync - which is best to update live files
OK, There is one way that works. I'd suggest using it. Most server OSes now have some way to make a virtual hoist. Solaris has zones, Linux has xen and there is VMware. The idea is that you build the new updated web site on a new virtual host. and then you test it. Once you like the tst results you swap IP addresses. You don't really want to go live with changes that are untested. The IP address is "atomic" in that the entire site goes live at once. BTW I've always liked the way Solaris does this in that you can have many "zones" each with their own IP address and file system but there is only one instance of the operating system running on the hardware. I always thought it a waste to have multiple copies of the same software in RAM, Sun solved that problem well. -- = Chris Albertson Redondo Beach, California
Re: MySQL changes into svn
>>> Whenever I change my MySQL database, I do then manually run a script that >>> saves the schema to a file, then I commit that file to my Subversion >>> repository. I try to limit myself to one database change at a time, so >>> that I can write reasonable commit messages. >> >> I am wondering the same thing, how to automate database backup. There is a >> tool in Linux for automatic database backup, but it seems quite buggy. I have >> been able to backup my databases using a bash script and a pre commit hook >> could be the next thing to do, but still no automation there. > > Subversion is not a backup system. > Perfectly OK the place a __schema__ in SVN. But it is not reasonable to use SVN to store the content of a database. Most every SQL database I've seen has a "dump" command that will dump content to an ASCII file. Then you save the files the same way you'd save any other files. You __do__ have to do the dumps inside a transaction so to maintain consistency. -- = Chris Albertson Redondo Beach, California
Re: access denied errors Windows 7
Can't you run SVN native on the Mac? Apple includes it as part of Xcode. Xcode is on your install DVD or can be downloaded free from Apple. You can also get pre-built SVN binaries from the apache.org web site. http://subversion.apache.org/packages.html On Mon, Jun 27, 2011 at 10:13 AM, Ken G. Brown wrote: > Hi, new here, > I'm trying to get TortoiseSVN 1.6.16, Build 21511 - 32 Bit , 2011/06/01 > 19:00:35, and Subversion 1.6.17 working on fully updated Windows 7 running > under VMware Fusion Version 3.1.3 (416484) on my Mac. -- Chris Albertson Redondo Beach, California
Re: Taking mirror Backup of SVN Repos through 3rd Party Software
On Wed, Jun 29, 2011 at 9:17 AM, Waseem Bokhari wrote: > Hi Guys! > > DISCLAIMER: This e-mail and any file transmitted with it are confidential... If the email is confidential why did you post it to a public forum? If it is not confidential why did you include the above statement? I Chris Albertson Redondo Beach, California
Re: Can I prevent a file from being modified?
On Sat, Jul 16, 2011 at 1:14 PM, David Myers wrote: > Dear subversion, > > I have recently started a new post and I am in the process of investigating > some possible new working practices. This particularly relates to document > control. No matter how good or what features you have in SVN or some other system like it, there is the chance that after the document is checked out it is modified. I think you need to have workflow and practices to prevent and detect a change that might happen outside of svn. A couple things I can think of are (1) COmpute the MD5 checksum and store that as a seporate text file. If ever you find the MD5 and the document no longer match you know one of them is changed. (2) many document file formats and be set to disallow edits. PDF can bet set this way. WithSVN I think all you need is a way to DETECT changes because you can always back them out if you know the change was made. An MD5 checksum is a good way to detect changes -- Chris Albertson Redondo Beach, California
Re: SVN
As other have pointed out, this a book length subject. but there is even more to it. First you have to answer "what will version control fit into my software development process" What you will find is you wil also need some system to track bugs and progress on fixing them and a way to relate software versions to which bug fixes and new features.The subject is large enough that one book can't over it. On Thu, Sep 22, 2011 at 5:37 AM, Sukumar Gorai wrote: > Why we need SVN setup? And if is important then how to install? Please > explain and how to use SVN? > -- > Regards, > Sukumar Gorai > Jr. Software Developer > Bluehorse Software > email-sukumar.go...@bluehorse.in > Mob-+91-8296015120 > +91-9647555891 > -- Chris Albertson Redondo Beach, California
Re: Use of svnserve and Dropbox
Sharing the repository and having everyone run their own server defeats the purpose.Not just with SVN but with any sepup where we have a server process and a data store the pourpose of the server mostly is to serialize or control access to the data, maintain locks and so on. On Thu, Sep 22, 2011 at 11:40 AM, David Weintraub wrote: > One of the nice thing about Dropbox is that you can share files > between various users. I will sometimes keep a Subversion repository > on Dropbox, so I can access it on various systems. Right now, it's > just for me to use. > > Here's the scenario: > > * I have my Dropbox under $HOME/Dropbox. > * I create a Subversion repository on $HOME/Dropbox/svn_repos > * I now share my $HOME/Dropbox/svn_repos folder between my colleagues. > > What happens if we all start svnserve on that particular shared folder > in Dropbox? Is there an issue with possible collisions if two or more > people attempt to commit their changes at the same time? > > What if we skip the svnserve route and merely use the file:// > protocol? Is this any safer? > > -- > David Weintraub > qazw...@gmail.com > -- Chris Albertson Redondo Beach, California
Re: Use of svnserve and Dropbox
My first impression is that of course this will not work. But let's be more positive. What would work? 1) Use your SVN server to maintain versions and history and then checkout a working directory to the dropbox. You can even have multiple working directories in the dropbox. 2. put your SVN server in the Internet. Run it on any computer you might have. Old notebooks make good low volume servers. All you need is a home DSL line and dynamic IP.
Re: File access control
On Fri, Sep 30, 2011 at 7:16 PM, Grant wrote: > Is it risky because I would be using rsync instead of svn update, or > is it risky because I wouldn't be using a test/staging machine? Why > can't testing be done on the dev machine? risky because you can't 100% prove what you got is exactly what is in SVN. If you check the code out and then rsync it you might accidentally make a change between checkout and rsync.But if you do the checkout direct to the end-user machine you know what you got can straight out of svn. That said most people don't do that. Part of what you ask your dev to do is create an "install bundle" on most UNIX-likemacnines this is a .tar file. in Windows it's an installer. on Mac it's a disk image .dmg file Then you move those to the end user -- Chris Albertson Redondo Beach, California
Re: details for product
On Thu, Mar 1, 2012 at 11:59 PM, wrote: > Hello, > > We are looking for versioning software. > > Request you to please provide following information about this product. > 1. What is licensing policy.(like whether it is licensed, if yes what is the > cost for server and client installation) > 2. how it manages centralized repository for code. > 3. does it have any demo version. #1, #2, You can down load a FREE book on subversion. All the answers are in it. (You can also buy a printed copy if you like) http://svnbook.red-bean.com/ #3 It does not make sense to have a "demo" for free software. Simply download and use the actual product. Chris Albertson Redondo Beach, California
Re: Info about SVN
On Tue, Apr 17, 2012 at 10:30 AM, Balta, Andre wrote: > ** ** > > I am an engineer for cubic defense applications and we are considering > using your software for a potential program.,... > You say "*your* software". SVN is Open Source software. YOU have the source code. So in an important way, SVN is already *your* software. It is free and may already be installed on your computer if you have a UNIX-like OS. Documentation is free also. And importantly because it is FREE, there is no sales or marketing department so don't expect your inbox to get flooded by people trying to sell you this. The best way to find out if SVN can work for you is to get a copy and try it on a small project. Other free software you might want to try is CVS and GIT. http://git-scm.com/ http://www.nongnu.org/cvs/ More into on SVN is here http://subversion.apache.org/ Notice the book with the turtles on it on the left side of the above linked page. Read that. Which to select of the various free systems depends several things, the size of thyou projects, if they are all in one building or distributed and what your users already know. -- Chris Albertson Redondo Beach, California
Best way to "un-version control" a file?
I'm a new SVN user. I just checked in a small project to a repository. All the functions I tried work s not real problems But, I did not think until now that I should have excluded files such as core files and logs and autoconf's cache from version controls. I now know how to a global ignore and a ignore foe one directory but how to remove these files from version control once they are already there. Is "svn rm" the best why? But that will remove them from the working directory too. I don't want that. Next is these a way to make the ignore property for a directory apply to all sub dirs recursively. The next project I want to move to svn is much larger and has many nested directories -- = Chris Albertson Redondo Beach, California
Re: Implementing an infomration centric subversion client
On Tue, Oct 5, 2010 at 10:18 AM, Lars Brown wrote: >... thinking of modifying the svn transfer protocol a bit. Just one request, if you modify the protocol so that it no longer works with existing SVN clients or servers please make up some new name (that does not contain "svn") so as not to confuse users. -- = Chris Albertson Redondo Beach, California
