[ic] Risks of websites served from Subversion or CVS checkouts

Jon Jensen jon at endpoint.com
Wed Aug 20 02:58:28 UTC 2008

On Tue, 19 Aug 2008, Peter wrote:

>> If you use Subversion or CVS on any project, I recommend you look into how
>> your files are being served and see if there's anything being exposed.
> Just a side note, that this is bad practice anyways.

A matter of opinion, and I disagree.

> You should maintain your CVS, SVN, GIT, etc repositories separately from 
> your running copy of IC.  It is a good idea to use the standard, perl 
> Makefile.PL, make, make test, make install method to install your 
> running copy of IC (as well as other programs) as this method does not 
> copy the CVS, SVN, etc directories anyways, plus it checks certain 
> system dependencies and sets variables, etc.

I think Perl's ExtUtils::MakeMaker (Makefile.PL) is a terrible way to roll 
out a complex Interchange site comprised of Interchange, admin, catalog 
ITL, custom Perl modules, HTML docroot, CSS, JavaScript, database DDL 
("migration") files, etc.

Version control systems have worked quite well at this for me. They also 
provide a sane way to deal with any intentional or unintentional changes 
made in production (such as mv_metadata.asc, page edits by administrative 
users, shipping.asc, etc.) and provide a way to do code rollouts.


Jon Jensen
End Point Corporation

More information about the interchange-users mailing list