I've heard many times in recent weeks from enterprise-class consumers of
Subversion who are bothered about the lack of file-level reporting. Certainly
Subversion's current mod_dav_svn operational logging leaves much to be desired
for the security-concerned administrator who would like just a little more
detail about what exact files were downloaded via Subversion than a one-liner
"user foo did a checkout or export or update of /trunk", especially if they are
employing path-based authorization.
This isn't a problem for clients using ra_serf, which always asks for an update
skelta and then fetches files with individual GET requests. But while ra_neon
used to behave this way, it no longer does by default, and you can't exactly
force clients to use ra_serf in a way that isn't bypassable (User-agent
spoofing, e.g.).
So, how about a new mod_dav_svn directive when tells mod_dav_svn to flatly
ignore requests for a send-all style update REPORT, and always reply with a
skelta. Ra_serf won't mind; ra_neon has fallback compatibility code that should
be able to cope, too. And administrators will get per-file GET request logging
to ease the region of their minds that frets over security matters.
Improvement
Major
