[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: merge tracking: rejecting commits from svn clients < 1.5

From: Alan Barrett <apb_at_cequrux.com>
Date: 2007-02-13 16:13:04 CET

On Tue, 13 Feb 2007, John Peacock wrote:
> Alan Barrett wrote:
> >Please don't conflate svn:// with svn+tunnel://. They have very
> >different security properties. As a user who strongly prefers
> >svn+ssh:// access (partly for ease of setup on the server side, and
> >partly because of the good security properties) , I find this idea of
> >treating non-apache access as a second class citizen very disconcerting.
>
> Blair's original question was related to *public* svn repositories.

OK. But the issue of denying certain clients by software version may
also be applicable to private repositories.

> svn+ssh:// access is morally equivalent to file:/// access, and is, as
> such, a *local* access protocol (since it requires a local account to be
> associated with the ssh key).

No, svn+ssh:// is not morally equivalent to file:// access. It does
not require a local account to be associated with the ssh key.

You can set up svn+ssh:// access in such a way that a different local
account is associated with each ssh key, in which case it probably
would be morally equivalent to file:// access, and most of the easily
discoverable documentation suggests that you do that, but I would
recommend against doing that because of the poor security properties.

--apb (Alan Barrett)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Feb 13 16:18:18 2007

This is an archived mail posted to the Subversion Dev mailing list.