5

Recently I've read this article: http://www.smashingmagazine.com/2009/09/25/svn-strikes-back-a-serious-vulnerability-found/

Developers of many popular sites like apache.org, php.net (http://ru2.php.net/.svn/entries), classmates.com and russian Yandex use SVN, but do not follow the recommendations given by SVN (to use command export).

So, what are the reasons for not using svn export instead of updating the public copy like all they do?

Improve this question

4 Answers 4

Reset to default
4

Some people, not including myself, think that to deploy onto production you should just issue an svn up. If you do an export it loses the meta data about the versioning so you can t do that, you have to use another mechanism for tracking which version is where. It is an easy solution, but I think it can make for lazy packaging and also for "fixing in production" as if you do this you can also check back in from production...

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

I should say, though, that this method has a little more to recommend it, when you only static files, like images, HTML, and php for example. It gets rapidly bad when you have jsp, or other stuff where the executable code is somehow a derived object.
yeah export is the way to go, you don't want a bunch of .svn files in your web root!
I was more thinking that if you just svn up, then you might not have actually tested the thing that you deploy, or you might forget to tag it, or it might not have the right approvals etc. I would much prefer to deploy something that has been through all the gateways / approvals.
2

From my perspective what I do is lock off/block access to any .svn files on the server (either Apache2 or IIS) this way the hidden folders are not accessible externally, and it allows for version tracking for sites that we use which do not require compiling before rollout

Languages like:

  • PHP
  • ASP (not .NET)
  • PLAIN HTML
  • COLDFUSION
  • PDF / IMAGE versioning (if needed, in my case we needed it for updated PDF docs for customers).

So certainly you can use SVN for web development, but you do need to be cautions as you expose your .svn folders to the world if you are not cautious. Otherwise it is a tool you could use to make your job easier and more efficient.

With that said, we simply run an SVN UPDATE on our production to update changed files, and with limited developers working on one piece of code at a time (like I said in my case) we don't get mixups with wrong things getting deployed. PLUS to be safe, always do a SVN CHECK FOR MODIFICATIONS to see what is going to be updated, and hey, if you do make a mistake, roll it back.

Improve this answer

2 Comments

And why don't you use svn export?
Because we only use SVN export for projects that we need to compile BUT we don't really do it that way either, as we have Hudson setup to auto deploy builds for us (ASP.NET + JAVA).
1

With svn export files can never get deleted, only added and modified. This could be issue sometimes.

Improve this answer

1 Comment

thats why you export to a different dir(s) and then rsync it to the deployment dir(s) :-)
0

When the entire website is open-source and available for downloading over a public resource (like PHP's). Protecting the .svn directories so other's can't get the source code is probably not worth the effort over simply doing a svn up.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.