[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion security design

From: Greg Stein <gstein_at_lyra.org>
Date: 2000-06-27 14:45:07 CEST

On Tue, Jun 27, 2000 at 07:45:18AM -0400, Jonathan S. Shapiro wrote:
>...
> > After we hit 1.0, we can worry about what it means to
> > Subversion to have a "user" be not an opaque string but something else.
>
> You have said this several times in response to various notes, and in my
> experience it is simply wrong. There are many things that can be fixed
> later. Issues of naming and access control, in my experience, are not among
> them. When (if ever) these things get implemented is your choice to make,
> but I urge you not to design your way into a corner (as CVS did) by failing
> to plan ahead.

I don't think this painting-into-a-corner is occurring.

mod_ssl provides us with client certificate authentication, which sounds
much like what you're doing. We just happen to be using off-the-shelf
technology that has been widely tested :-)

Given the certs, we can also distribute the authentication if we choose.

But the issue is rather moot. We have some design choices, we will be
pragmatic, and we will get code built. If we wanted to sit around and ponder
and plan, then we could do that forever.

Yes, it is good to plan ahead. But it is also good to just say "this solves
the 90% case, I don't care about the other 10%, let's *produce* something."

Cheers,
-g

-- 
Greg Stein, http://www.lyra.org/
Received on Sat Oct 21 14:36:05 2006

This is an archived mail posted to the Subversion Dev mailing list.