As part of developing Subversion support for FishEye, we were concerned about the ability of just anybody to hook up a FishEye instance to a public Subversion repository. If enough people attached FishEyes to a repository it might have an impact on the server load. In contrast to FishEye for CVS, FishEye for Subversion uses the standardSubversion supported network protocols to access the server. This means that a public Subversion server is available to anybody wanting to run FishEye against that server.
To give repository owners some control over this access, we added a check in FishEye for an access control property. In the upcoming beta, this will be a fairly simple check to see if FishEye is granted access or not. In the future it will probably be a little more sophisticated.
Our initial implementation was to call this property fisheye:access. It seems natural to choose a scheme which is similar to the scheme used by Subversion itself, with such properties as svn:mime-type and svn:author, etc. When you do use that scheme, however, and your repository is accessed over http, the resulting XML documents used by DAV are not well formed. In particular, you may end up with something like this:
<C:blah:test>test2</C:blah:test>
<C:blah_test>test</C:blah_test>
The first label is not well formed XML in a namespace aware XML document. This errata for XML names clarifies as follows:
” It follows that in a namespace-well-formed document … All element types and attribute names contain either zero or one colon; ”
We’ve found that when Xerces encounters these names, it maps the colon to an underscore. The above two properties, blah:test and blah_test, coalesce into a single property value blah_test.
We have now decided to change to fisheye.access to ensure we don’t run into problems for people with strict XML parsers. The native XML libraries usd by Subversion seem to handle this problem without concern. They are probably a little bit loose in their XML handling. It’s debateable whether such looseness is a good thing or not.