[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion security needs to improve.

From: Toby Johnson <toby_at_etjohnson.us>
Date: 2004-10-20 22:56:41 CEST

Alex Holst wrote:

>I'm a demanding sort of guy. I want the Subversion project to put more
>effort into the security of its code. I have reasons for this!
>
>I have articulated some of these reasons in a document partly aimed at
>Subversion developers and partly aimed at Subversion users. The part
>aimed at the developers is mostly complete, and I'd like you all to read
>it so we can talk about how to best carry some of these suggestings into
>the project. I think it is badly needed.
>
>
I find this document very hard to read. You seem to be jumping around
from topic to topic without fleshing anything out. For example, you
state "it is important to differentiate between security features and
secure features" but then you don't describe what those are. You seem to
hint that Subversion's multiple access methods are a security issue, but
don't describe why other than saying it's a lot of code. You state that
"in some situations, a particular approach to software design can help
reduce the exposure", then claim that the developers fail to follow that
"particular approach" without describing what that approach might be.

In short, it's long on accusations and short on solutions. The only
concrete recommendations you give are three bullet points at the end,
which are rather vague in themselves.
////

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Oct 20 22:56:54 2004

This is an archived mail posted to the Subversion Dev mailing list.