Peter Samuelson wrote:
> [Michał Łukaszek]
>
>> This of course is true, but nevertheless - the patch adds functionality
>> that is not breaking anything, and could be useful for someone.
>>
>
> Well, features are not free. Somebody has to document them, people
> have to configure them, the code needs to be maintained.
>
I agree wholeheartedly. Unlike many servers, svnserve does not need root
access at any time because it doesn't bind to a privileged port. Adding
a "drop root privs" feature is therefore not necessary, and we'd IMHO be
laying a subtle and terrible trap for ourselves if we accepted this
patch -- I've seen way too many security alerts about root privs not
being dropped far enough, or soon enough (remember the last sshd thing?).
Just to be on the safe side ... -1 on accepting this patch.
-- Brane
Received on Mon Jan 8 00:25:58 2007