Subversion security design

From: Brent J. Nordquist <bjn_at_visi.com>
Date: 2000-06-23 19:08:07 CEST

Was excited to hear about Subversion... I'm an integration veteran :-) and
the SVN goals (vs. CVS) strike a deep chord.

I read through the design document, and was surprised to find so little
about security, because I've always thought that pserver was one of the
worst parts about CVS.

I was encouraged to see the notes on abstracted file permissions, and SVN
keeping its own list of users and access rights. But I'm wondering what
has been discussed about:

- Authentication (PAM hopefully?)
- Security of the client-server protocol (encryption?)
- Security of the server ("best practices", e.g., not requiring root)

etc.

I wholeheartedly agree with Bruce Schneier that security is a process and
needs to be designed in from the start... I think that's why CVS's is so
poor. Thanks!

-- 
Brent J. Nordquist <bjn@visi.com>
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942

Received on Sat Oct 21 14:36:05 2006

This message: [ Message body ]
Next message: Ben Collins-Sussman: "Re: Subversion security design"
Previous message: Ben Collins-Sussman: "Re: xdelta"
Next in thread: Ben Collins-Sussman: "Re: Subversion security design"
Maybe reply: Ben Collins-Sussman: "Re: Subversion security design"
Maybe reply: Ben Collins-Sussman: "Re: Subversion security design"
Maybe reply: Marc van Woerkom: "Re: Subversion security design"
Maybe reply: Karl Fogel: "Re: Subversion security design"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]