Dear Subversion group,we would like to migrate our svn repository to a new machine, and use the opportunity to provide anonymous (public internet) access to it.
+++ Overview +++However, the repository contains confidential information like lists of telephone numbers that are supposed to be checked out by everyone in the current head revision and all future revisions, but we would like to prevent checkouts of older revisions.
Therefore, what we "really" or "ideally" want to accomplish is to restrict repository access by revision number.
While this could easily be accomplished by creating an entirely new repository with the contents of a current working copy (losing all history, restarting at revision number 1), we would like to preserve history: A set of authorized people should still be able to checkout old revisions and see old log messages, just everyone else should be restriced to todays head and all future revisions.
+++ Variant 1 +++As there seems to be no direct way to achieve this, we are now wondering if combining svn copy with path-based authorization as described at <http://svnbook.red-bean.com/nightly/en/svn.serverconfig.pathbasedauthz.html> is a viable alternative.
That is, we would import the original repository into a subdirectory of the new one (with full history), then svn copy, e.g.:
svn copy http://.../new-repos/imported-old http://.../new-repos/public then restrict access to path "imported". +++ Variant 2 +++A variant of this would be to not import the old repository into the new one, but refer to it with svn:externals, then svn copy the external repository into the local one as above. Access to the external repository would be set on a per-repository level as usual.
+++ Questions :-) +++a) Is there a (maybe entirely different) solution to the problem that is simpler and/or more direct than variant 1 or 2?
b) Is the key idea "replace revision-number-based access by path-based access" reasonable at all? c) Does svn copy preserve history when used with svn:externals?d) What happens is the externals repository is not available, either because it has per-repository access restrictions or the network is unavailable, machine is down, etc.?
We'd be very happy and grateful for any comments and help. Thank you very much, and best regards, Carsten
smime.p7s
Description: S/MIME Cryptographic Signature