This may be partly my ignorance of svn commands showing, but is there any way to prevent the 'installer' folder from coming back every time you run "svn update"?
You could change ownership to root, group to www-data (apache), then chmod 700. svn update works and the folder is not visible nor accessible for the web server. IMO this is protection enough. After all, you trust the web server to protect your config file too.
There should be a configuration directive as e.g. $rcmail_config['installer_disable_warning'] = false;
Setting this to 'true' it would also allow us to simply protect the installer directory with a simple .htaccess (Deny from all) without changing filesystem permissions. There should be a simple way of getting rid of the red "Installer script is still accessible"-warning. phpMyAdmin handles warnings like this.
Regards, Philip _______________________________________________ List info: http://lists.roundcube.net/dev/