[Checkins] SVN: zope.app.wsgi/branches/sylvain-testlayers/buildout.cfg Use infrae.subversion instead of mr.developer. mr.developer requires

Uli Fouquet uli at gnufix.de
Fri Feb 19 10:20:26 EST 2010 

Hi Hanno,

Hanno Schlichting wrote:
> On Fri, Feb 19, 2010 at 1:34 PM, Vincent Fretin
> <vincent.fretin at gmail.com> wrote:
> > Actually mr.developer 1.10 requires svn >= 1.5, I don't know why.
> > mr.developer 1.9 works fine with svn 1.4.
> 
> It parses the information in the .svn directories itself. The format
> of that data changed over time and the old one is too cumbersome to
> work with.

Okay, thanks for the info.

> Btw. Subversion is currently at 1.6.9, the last 1.4.6 release is more
> than two years old. You should really upgrade - there's even security
> holes in the 1.4.x line, which have only been fixed in the 1.5 and 1.6
> release lines.

Not an option for me, sorry. I won't override distribution packages
(Ubuntu 8.04, latest LTS) that otherwise work very well on my
development system. This would lead to exactly the upgrade mess I always
had after overriding 'outdated' dist-packages manually. Yes, I know
there is always a way to do it correctly so you won't get the mess
afterwards, but I simply won't spend time on finding out this way.

I see that I could use the 1.5 version from backports, but the next
complete system upgrade is only two months ahead, so I won't worry about
any upgrade now.

Regarding the 'two-years-old-therefore-terribly-insecure' problem: the
last security update of my svn-client was some months ago addressing
CVE-2009-2411, which is AFAICS the last security problem that was not
fixed in stock 1.4.6 (but fixed in Debians and Ubuntus subversion 1.4).
So be assured, I don't use a plain 1.4.6 from 2007.

I admit, however, that I'm a stubborn person :-)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/checkins/attachments/20100219/c14a6f52/attachment.bin

More information about the checkins mailing list