[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Perry E. Metzger <perry_at_wasabisystems.com>
Date: 2002-04-16 19:11:10 CEST

Karl Fogel <kfogel@newton.ch.collab.net> writes:
> Basically agree with Perry's points, though, bluntness of expression
> aside.

I'm not known for sufficient gentleness, I'm afraid. A personal failing.

I know that a new RA layer is not something to do for 1.0, but what
I'm looking for (and more or less was looking for from the start) is
hooks in the client software to make use with ugly tunnel based hacks
over ssh easier for the end user. Eventually we could talk about a new
RA when things are further along.

Perry

> Saying "we don't know of any buffer overrun bugs in Apache"
> isn't very meaningful compared with a real security audit. The more
> lines of code, the more difficult the audit. So what can we conclude?
> What we already knew: that we don't know for sure how secure
> Subversion is.
>
> Fine. But:
>
> We're not going to suddenly start writing a new RA layer. We've got
> enough to do before 1.0 as it is. Apache+Subversion is what you get
> for now, unless you can volunteer the time to make an alternative.
> (And if you choose the latter course, we're happy to help!)
>
> -K
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: dev-help@subversion.tigris.org
>
>

--
Perry E. Metzger		perry@wasabisystems.com
--
NetBSD: The right OS for your embedded design. http://www.wasabisystems.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 19:12:14 2002

This is an archived mail posted to the Subversion Dev mailing list.