I ended up now using the vendor-branching concept but with dump/load instead of export.
- Dump a specific tree from Repo1 (only HEAD).
- Lock the tree in SVN authorization file of SVN-Repo1. Nobody can access it now at the customer side.
- Anonymize the dump with "svndumptool"
- Load the dump in our Repo2 to tag/xyz
- Merge the dump to trunk/xyz (Overwrite what might already be there)
- Adapt externals at Repo2
- Develop in Repo2
- Dump again all changes we have maid (only Head)
- Anonymize the dump with "svndumptool"
- Load the dump back into Repo1 to tag/xyz
- Unlock the Tree in the SVN authorization file.
- Merge the dump to trunk/xyz (Overwrite what might already be there)
- Adapt externals at Repo1
...and voila our customer has the newest release. All those steps can be scripted pretty neat and easily automated.
I know is not a nice solution, but is also not a nice task to accomplish ;-)
Anyway, thanks a lot for all your efforts.