[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion security design

From: Jonathan S. Shapiro <shap_at_eros-os.org>
Date: 2000-06-27 15:06:55 CEST

> mod_ssl provides us with client certificate authentication, which sounds
> much like what you're doing. We just happen to be using off-the-shelf
> technology that has been widely tested :-)

Yes, but mod_ssl does not provide access controls. Actually, I'm content to
use the very same technology for certificate authentication, though I'll
probably take it directly from the openssl implementation.

> Yes, it is good to plan ahead. But it is also good to just say "this
solves
> the 90% case, I don't care about the other 10%, let's *produce*
something."

As I think you know, I agree with this sentiment. DCMS is mostly
implemented and working.

But speaking purely personally, I also believe that you have the wrong
objective. CVS is quite good at being CVS, and if one is going to undertake
the effort to build a new system, it's worth asking what should that system
really do. We just have different places where we have set the cutlines.

Just to be very clear: I think your cutline is a useful one. In the absence
of DCMS, I would certainly move to subversion over CVS. If both exist, I
suppose I'll just have to see which one is more useful to me. Disagreements
about where the cutline should be are useful disagreements so long as we
don't get religious about them.

shap
Received on Sat Oct 21 14:36:05 2006

This is an archived mail posted to the Subversion Dev mailing list.