[Python-Dev] PEP: Migrating the Python CVS to Subversion

Barry Warsaw barry at python.org
Fri Jul 29 00:37:42 CEST 2005


On Thu, 2005-07-28 at 17:58, James Y Knight wrote:

> If you use the fsfs storage mechanism for subversion, it is somewhat  
> simpler to verify that the repository is not compromised. Each commit  
> is represented as a separate file, and thus old commits are never  
> modified. Only new files are appended to the directory. If you have a  
> filesystem that allows "append-only" permissions on a directory, you  
> can enforce this directly. Additionally, it is possible in your  
> backup script to verify that only new files were added and nothing  
> else changed.
> 
> Then at least you know how much you need to examine instead of having  
> to treat the entire repository as possibly contaminated.

Would it buy us any additional piece of mind to checksum the transaction
files as they're committed and store those checksums outside the
repository?

-Barry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/python-dev/attachments/20050728/4824ca33/attachment.pgp


More information about the Python-Dev mailing list