On Sat, Jan 01, 2011 at 10:29:22PM -0500, Nico Kadel-Garcia wrote:
> You've just made my point that it should be automated upstream.

Instead of riding on the obvious shortcomings of a two-line shell script
I was using to badly illustrate an idea, why don't you spend time writing
up a "Setting up Subversion securely" article? I think you do have the
knowledge to do that. And it would benefit users a lot because we could
improve the documentation based on it.

> And that's fair. Here's a very lightweight, testable, and reverse
> compatible change that would notably improve security models going
> forward. Enjoy.

You have been glossing over one open issue I see with your proposal,
which I have mentioned before: What if users run svnserve like this:

  svnserve --config-file /etc/svnserve.conf

Should we then still require an svnserve.conf file to be present in each
repository? Even if this svnserve.conf is not used?

Note that per-repos configs do not override the global ones (and we can't
change that), so there's potential for confusion about where settings
actually come from.

I'd rather use a separate marker file (like the git-daemon-export-ok file
in git), but we cannot use a new marker file because of backwards compat.