Does anyone out there also running Subversion find this to be a little disconcerting? Stuart does. There are two issues here, first it seems there's a number of asserts in the release builds of Subversion. It appears the code uses asserts when an 'uncomfortable' state is reached - except that asserts halt/panic the server, rather than aborting the current transaction. Probably not what they intended when the started to use asserts.
The second, more acute, problem is that there's a particular assert that will occur when making a branch or tag using a mixed case string for the repository when the server expects a different case. Rephrased: If you tag a repository named http://foo/bar/trunk but you typed in http://foo/Bar/mytag then you'll bring down the entire SVN server. Nice little DoS on any SVN server, right there. The user only needs access to a single repository on that server and they can bring down the whole thing.
The bug's been reported, but I'm not seeing that it's thought of as a big deal. I hope this is fixed soon...for now, I think I'll keep my home repository on CVS. Whew.
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. I am a failed stand-up comic, a cornrower, and a book author.
Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.