On 5 January 2012 14:18, <ma...@apache.org> wrote:
> sebb <seb...@gmail.com> wrote:
>
>>On 4 January 2012 15:07, Gary Gregory <garydgreg...@gmail.com> wrote:
>>> Sebb:
>>>
>>> How do you like this tag:
>>>
>>https://svn.apache.org/repos/asf/commons/proper/pool/tags/POOL_1_6_RC3
>>>
>>> ?
>>
>>It's the svn commit message that is important, and that is:
>>
>>>>>>
>>URL: http://svn.apache.org/viewvc?rev=1227178&view=rev
>>Log:
>>Create commons-pool-1.6-RC3 tag
>>
>>Added:
>>    commons/proper/pool/tags/POOL_1_6_RC3/
>>      - copied from r1227176, commons/proper/pool/branches/POOL_1_X/
>>Modified:
>>    commons/proper/pool/tags/POOL_1_6_RC3/pom.xml
>><<<<
>>
>>which looks fine; only one revision is referenced.
>>
>>I suggest you checkout the tag from the http: (read-only) SVN URI and
>>build from that workspace.
>
> For the (very) security paranoid that is generally a bad idea as it allows an
> attacker to modify the stream.
>
> Granted you have to be really paranoid to be worried about stuff like this
> and the checks various folks do comparing src and tag before they vote should
> catch any changes that but it isn't as if a targeted attack on the ASF is
> unknown.
>
> Personally, I always work with svn over https.
>
> Just some food for thought and not a big deal in this case.

Good point.

The reason I suggested using http: rather than https: is that the
http: URL prevents accidental updates to the tag.

I don't suppose there is any way to provide read-only https: URLs?

[svn export creates the directory tree, but loses the details of the
revision, and local changes cannot be detected using svn status.]

> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
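
The "comparing src and tag" check mentioned in the thread, sketched as an added example that is not part of the original messages or of any Apache tooling: it hashes every file in a tag checkout and in an unpacked source archive, ignores the `.svn` metadata directory, and reports any file that is missing or differs. The function names and the sample trees built in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def tree_digests(root, skip_dirs=(".svn",)):
    """Map each file path (relative to root) to its SHA-256, skipping VCS metadata."""
    digests = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Prune metadata directories in place so os.walk does not descend into them.
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare_trees(tag_dir, src_dir):
    """Report files only in the tag, only in the source archive, or differing in content."""
    tag, src = tree_digests(tag_dir), tree_digests(src_dir)
    return {
        "only_in_tag": sorted(tag.keys() - src.keys()),
        "only_in_src": sorted(src.keys() - tag.keys()),
        "changed": sorted(p for p in tag.keys() & src.keys() if tag[p] != src[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees: one file altered in the 'tag' copy, one extra in 'src'."""
    with tempfile.TemporaryDirectory() as tmp:
        tag, src = os.path.join(tmp, "tag"), os.path.join(tmp, "src")
        for root in (tag, src):
            _write(root, "pom.xml", b"<project/>\n")
            _write(root, "src/java/Pool.java", b"class Pool {}\n")
        _write(tag, ".svn/entries", b"12\n")  # working-copy metadata, ignored
        _write(tag, "src/java/Pool.java", b"class Pool { /* altered */ }\n")
        _write(src, "NOTICE.txt", b"notice\n")
        return compare_trees(tag, src)

if __name__ == "__main__":
    print(demo())
```

An empty result in all three lists means the two trees match byte for byte; anything else should be explained before a vote.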