Page 1 of 1

Putting live board on an SVN repository? What do you think?

Posted: Thu Sep 06, 2007 7:57 pm
by Yautja_cetanu
We've got a bunch of people managing one live board. Its got a bunch of mods we've developed or we're tweaking (when trying to fix problems for example).

So we're thinking of putting the entire live board's files up in a SVN repository that would be publically available. Obviously we won't put anything in cache, files, stores, images or config.php. But is this an issue? Are there any security issues we haven't thought about?

Re: Putting live board on an SVN repository? What do you think?

Posted: Thu Sep 06, 2007 8:16 pm
by david63
phpbb.com does not support pre modded boards so if you were to do that then you would have to take on the responsibility of supporting any downloads for the rest of their life as well as ensuring that they were always updated to the current version - that would mean core files and mods.

Re: Putting live board on an SVN repository? What do you think?

Posted: Thu Sep 06, 2007 8:39 pm
by andrewbelcher
Hey, I'm from the same boards... The idea isn't for people to download it pre-modded. The idea is that we can keep track of everything done to our live boards very easily, which would be useful as we develop our mods.

The problem is sourceforge (our SVN host) don't enable you to hide parts of the repositry, so they'd be live... The question is really are there any security problems with putting those files up there - does it pose any risk to data integrity or anything. The only files we could think might are config.php, /cache, /stores, /files and /images... Are there any others that put our boards at risk?

Re: Putting live board on an SVN repository? What do you think?

Posted: Thu Sep 06, 2007 8:55 pm
by Techie-Micheal
I think it is very much a good idea, and have even suggested it in the past for people. :)

Personally, I wouldn't bother with worrying about /images (web accessible anyway), /files, I'd recommend having backups of rather than storing on SVN, and /store, don't worry about putting that in SVN as it contains SQL backups (if you choose to put backups there for temporary use ;)). /cache is more or less volatile, so I wouldn't worry about putting it in there. So that leaves config.php. You can have the svn:ignore property on it so it doesn't mess things up. Other than that, it is up to you. Personally, I wouldn't recommend using SF for this particular purpose. What happens if they get compromised? How are you going to verify your site's integrity? How are you going to verify your site's integrity if they have an hd failure or some other hardware failure (which has happened to SF on more than one occasion)?

Just some things to think about. :)

Re: Putting live board on an SVN repository? What do you think?

Posted: Fri Sep 07, 2007 1:56 pm
by andrewbelcher
Cheers, that's a really useful reply :)

We've been thinking about setting up an SVN repositry on our own server so that we can link in things like bug-trackers etc which SF don't support... But we'd decided against it as we thought it wasn't a good idea to have both our live version and our svn on the same server, due to the posibility of hard drive failures etc...

But thanks - we'll think about it :) Cheers! I do love the support of these forums!

Re: Putting live board on an SVN repository? What do you think?

Posted: Fri Sep 07, 2007 2:12 pm
by igorw
Techie-Micheal wrote:and /store, don't worry about putting that in SVN as it contains SQL backups
I would be very worried if people got access to my SQL backups :o

Re: Putting live board on an SVN repository? What do you think?

Posted: Fri Sep 07, 2007 3:08 pm
by A_Jelly_Doughnut
Evil<3: Micheal meant "don't spend the effort to put /store/ in SVN", not "don't worry about the effects of putting /store/ in SVN"

Re: Putting live board on an SVN repository? What do you think?

Posted: Fri Sep 07, 2007 4:39 pm
by Techie-Micheal
A_Jelly_Doughnut wrote:Evil<3: Micheal meant "don't spend the effort to put /store/ in SVN", not "don't worry about the effects of putting /store/ in SVN"
Yeah. :)

Re: Putting live board on an SVN repository? What do you think?

Posted: Fri Sep 07, 2007 6:26 pm
by igorw
Ah, okay. That wasn't quite clear. My apologies :roll:

Re: Putting live board on an SVN repository? What do you think?

Posted: Sun Sep 09, 2007 1:05 pm
by Yautja_cetanu
Thanks for your advice

hmmm I always thought putting things on soruceforge would be safer then having our own SVN repository :S

Re: Putting live board on an SVN repository? What do you think?

Posted: Sun Sep 09, 2007 4:48 pm
by Techie-Micheal
eviL<3 wrote:Ah, okay. That wasn't quite clear. My apologies :roll:
You should hear my double-speak. :D ;) :P Yeah, I'm not even sure how I came up with such a paragraph going back and reading it again. Sorry about that.

Re: Putting live board on an SVN repository? What do you think?

Posted: Sun Sep 09, 2007 10:28 pm
by Highway of Life
Yautja_cetanu wrote:We've got a bunch of people managing one live board. Its got a bunch of mods we've developed or we're tweaking (when trying to fix problems for example).

So we're thinking of putting the entire live board's files up in a SVN repository that would be publically available. Obviously we won't put anything in cache, files, stores, images or config.php. But is this an issue? Are there any security issues we haven't thought about?
This is actually a really good idea and something I believe we may even implement for one of our sites (you get three guesses, and the first two don't count).
I don’t see anything wrong with images, but you might exclude /images/avatars/upload/ -- as your admins may want to contribute images to smilies, upload icons, post icons, ranks, or even gallery avatars.

Re: Putting live board on an SVN repository? What do you think?

Posted: Sun Sep 09, 2007 10:36 pm
by GroovePlugs
andrewbelcher wrote:Hey, I'm from the same boards... The idea isn't for people to download it pre-modded. The idea is that we can keep track of everything done to our live boards very easily, which would be useful as we develop our mods.

The problem is sourceforge (our SVN host) don't enable you to hide parts of the repositry, so they'd be live... The question is really are there any security problems with putting those files up there - does it pose any risk to data integrity or anything. The only files we could think might are config.php, /cache, /stores, /files and /images... Are there any others that put our boards at risk?
We have our own svn repository that's hosted on a server protected by a SSL layer (login required), so it's not open to the public.
But all the developers have access to the SVN… in this case, it's safer as far as information being available to the public than sourceforge, google code or an open SVN repository.

It's pretty easy to setup an SVN if you have access to your server, otherwise there are a few places where you can get a Repository that is only viewable by those you specify.