Re: ssh based access?

Garrett Rooney <rooneg@electricjellyfish.net> writes:
> > Certs are evil. SSH doesn't require them -- it just uses naked public
> > keys -- which is one reason people like it so much.
>
> well, i'm relatively certain that we're not going to be requiring
> them, but if we want to provide the same functionality (or at least
> most of it) that you can get with cvs/ssh, then we'll need it.

Unless some sort of "via ssh" functionality comes in, thus part of my
original question.

It will in any case be much harder to switch over the NetBSD community
if the only mechanism available is ssl via apache. Apache is regarded
as large and hard to audit system, and thus unsuitable as a program
exposed to the network on a security critical machine like a central
source repository. ssh is a much narrower arpeture -- it has had bugs,
but it is much better understood from this perspective, and in
general, its one of those "you have to run it anyway" sort of
programs. An additional arpeture is frowned on.

I'll point out, btw, that when I mention subversion to security
oriented people, everyone sounds very impressed until I say
"Apache/DAV", at which point looks of terror cross their faces.

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org