David Mankin wrote:
>
> On Thursday, October 3, 2002, at 07:02 AM, Karl Fogel wrote:
>
>> David Kimdon <dwhedon@debian.org> writes:
>>
>>>> This gets mentioned every now and then. .svn/auth/* are world-readable,
>>>> but .svn/auth is not world-traversable. So I don't see any real
>>>> security
>>>> problem here.
>>>
>>>
>>> hmm, good point, sounds like this patch can be safely ignored.
>>
>>
>> I'm beginning to think a new patch to the FAQ is called for instead...
>> :-)
>>
>
> Real security problem or not, isn't a patch to fix a perceived security
> problem a good idea too? If it keeps coming up, and there's no downside
> to fixing it, I can't see why the patch shouldn't be included. I don't
> think we want security related bug reports about SVN in various OS
> trackers; it might make it harder to convince our respective bosses to
> let us switch our SCM to SVN.
personally, i'd be +1 on committing this, since i'm tired of seeing the
question posted on the list, and it doesn't actually seem to harm anything.
-garrett
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Oct 3 17:52:03 2002