[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Writing svn-agent

From: Zack Weinberg <zack_at_codesourcery.com>
Date: 2003-01-15 00:13:35 CET

Karl Fogel <kfogel@newton.ch.collab.net> writes:

> (Among other things, we shouldn't be paying the same price to
> protect svn passwords as to protect login passwords, because they're
> not as valuable as login passwords.)

That depends on the situation. If someone steals my login password
they can read my email, which is mostly publicly archived mailing
lists so big deal, and they can delete my files, which would only be
an inconvenience; I have backups. If someone steals my SSH passphrase
they could trash sources.redhat.com, which is also backed up but would
inconvenience hundreds of people all over the world instead of just
me; or they could inject malicious code into one of the repositories
there, which would be a major catastrophe.

No prize for guessing which of these is more closely held.

zw

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 15 00:14:27 2003

This is an archived mail posted to the Subversion Dev mailing list.