...
- Support for users without Kerberos principals. Touchstone and CAMS are prerequisites for this.
- -admin svnadmin groups; these are subsets of -committers groups and control who has access to manage a repository through the web application. If an a -admin svnadmin groups does not exist, all members of the -committers group will have access.
...
- Do not allow custom hook scripts for repositories accessible by the daemons--no "snap" accounts with write access to the hooks directories of such repositories.
- Develop machinery to make custom hook scripts execute as the committing user, or as the snap account.
- Accept a weak security model where users can gain access to other user's repositories with enough effort.
...