Re: svn_ra.h

From: Jim Blandy <jimb_at_zwingli.cygnus.com>
Date: 2000-11-29 22:54:31 CET

Greg Hudson <ghudson@MIT.EDU> writes:
> > This way libsvn_ra_dav is still HTTP proxy happy, and you don't have
> > to let ssh through your firewall if you don't have to.
>
> This argument is terrible, incidentally. A firewall which allows HTTP
> through is allowing it for the sake of web browsing, not for
> Subversion. By making Subversion run over HTTP, we are subverting
> that policy, which is a bad thing, not a good thing.

I think this is a pretty funny situation. It's true that doing
Subversion work over HTTP will get us through a lot of firewalls. And
it's true that this is subverting the intent of the firewall.

It's kind of an arms race between users who want to do things, and
sysadmins who want to keep the system secure. In general, you could
embed just about anything in HTTP, and get around firewalls.

As a consequence, I say it's just a matter of time before firewalls
start looking inside HTTP streams. :)
Received on Sat Oct 21 14:36:15 2006

This message: [ Message body ]
Next message: Greg Stein: "navigating proxies/firewalls (was: Re: svn_ra.h)"
Previous message: Jim Blandy: "Re: svn_ra.h"
In reply to: Greg Hudson: "Re: svn_ra.h"
Next in thread: Greg Stein: "navigating proxies/firewalls (was: Re: svn_ra.h)"
Reply: Greg Stein: "navigating proxies/firewalls (was: Re: svn_ra.h)"
Reply: Brian Behlendorf: "Re: svn_ra.h"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]