Subversion: Write protection for tagged directories

i am using subversion as RCS. Always when a new version of my project is finised i create a tag of it (copy of the trunk). Does anybody know how i can protect this tagged directory from being accidentally modified?

At the moment as a workaround i lock all files. But this sill means that the user with the lock can edit the files.

Is there开发者_开发技巧 any better solution?

You can use a pre-commit hook to prevent users from writing to a tags directory after it has been created.

See this related SO question for examples:
SVN pre-commit hook for avoiding changes to tags subdirectories

You can give read only permission on the tag directories using path-based authorization.

If you set the svn:needs-lock attribute for all files in the tag, all files will be checked out as read-only unless the user explicitly acquires a lock. This will (in most cases) prevent files being changed. It does not prevent anyone from changing the read-only flag or acquiring a lock, but it reduce the chances of accidental modification.

Subversion itself cannot apply the svn:needs-lock attribute to a folder, but in the TortoiseSVN client (Windows) for example if you attempt to do so, it applies the property to all files in the folder and sub-folders instead. It won't let you do this from the TortioseSVN repo-browser, so you must check-out a working copy of the tag, modify the properties, and then check in the property changes. Other clients may vary; if you are using the native subversion command line client, a suitable shell script or similar may be necessary to iterate through files and sub-folders to apply the attribute in bulk. TortoiseSVN does at least warn you if you attempt to change anything in a Tags folder - but that is only a convention, not an enforcement.

The svn:needs-lock solution is somewhat weak and easily circumvented and does not prevent new files being added to a tag folder; a stronger alternative is to create a dummy user, and acquire a lock for the entire tag in that users name. This will prevent "real" users from being able to check-in, and working-copy checkouts will have their read-only attribute set just like with svn:needs-lock - the difference is that they will not be able to acquire a lock, and changing the working copy read-only attribute will not allow check-in either.