[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Karl Fogel <kfogel_at_newton.ch.collab.net>
Date: 2002-04-16 18:40:50 CEST

"Perry E. Metzger" <perry@wasabisystems.com> writes:
> actually understand the problem. If you want to ignore all that and
> just say "oh, no one has proven Apache has any more bugs, lets thumb
> our nose at those horrid security dweebs", well, you're acting like
> Microsoft.

Hee hee! I'm thinking of an obvious corrolary to Godwin's Law


now... :-)

Basically agree with Perry's points, though, bluntness of expression
aside. Saying "we don't know of any buffer overrun bugs in Apache"
isn't very meaningful compared with a real security audit. The more
lines of code, the more difficult the audit. So what can we conclude?
What we already knew: that we don't know for sure how secure
Subversion is.

Fine. But:

We're not going to suddenly start writing a new RA layer. We've got
enough to do before 1.0 as it is. Apache+Subversion is what you get
for now, unless you can volunteer the time to make an alternative.
(And if you choose the latter course, we're happy to help!)


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 18:37:23 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.