Re: Writing svn-agent

From: Zack Weinberg <zack_at_codesourcery.com>
Date: 2003-01-15 00:13:35 CET

Karl Fogel <kfogel@newton.ch.collab.net> writes:

> (Among other things, we shouldn't be paying the same price to
> protect svn passwords as to protect login passwords, because they're
> not as valuable as login passwords.)

That depends on the situation. If someone steals my login password
they can read my email, which is mostly publicly archived mailing
lists so big deal, and they can delete my files, which would only be
an inconvenience; I have backups. If someone steals my SSH passphrase
they could trash sources.redhat.com, which is also backed up but would
inconvenience hundreds of people all over the world instead of just
me; or they could inject malicious code into one of the repositories
there, which would be a major catastrophe.

No prize for guessing which of these is more closely held.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 15 00:14:27 2003

This message: [ Message body ]
Next message: Colin Watson: "Re: [PATCH] default to --no-auth-cache"
Previous message: rbb_at_rkbloom.net: "Re: [PATCH] default to --no-auth-cache"
In reply to: Karl Fogel: "Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)"
Next in thread: Benjamin Pflugmann: "Re: Writing svn-agent (Was Re: [PATCH] default to --no-auth-cache)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]