[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn_ra.h

From: Jim Blandy <jimb_at_zwingli.cygnus.com>
Date: 2000-11-29 22:54:31 CET

Greg Hudson <ghudson@MIT.EDU> writes:
> > This way libsvn_ra_dav is still HTTP proxy happy, and you don't have
> > to let ssh through your firewall if you don't have to.
>
> This argument is terrible, incidentally. A firewall which allows HTTP
> through is allowing it for the sake of web browsing, not for
> Subversion. By making Subversion run over HTTP, we are subverting
> that policy, which is a bad thing, not a good thing.

I think this is a pretty funny situation. It's true that doing
Subversion work over HTTP will get us through a lot of firewalls. And
it's true that this is subverting the intent of the firewall.

It's kind of an arms race between users who want to do things, and
sysadmins who want to keep the system secure. In general, you could
embed just about anything in HTTP, and get around firewalls.

As a consequence, I say it's just a matter of time before firewalls
start looking inside HTTP streams. :)
Received on Sat Oct 21 14:36:15 2006

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.