On Tue, 13 Feb 2007, John Peacock wrote:
> Alan Barrett wrote:
> >Please don't conflate svn:// with svn+tunnel://. They have very
> >different security properties. As a user who strongly prefers
> >svn+ssh:// access (partly for ease of setup on the server side, and
> >partly because of the good security properties), I find this idea of
> >treating non-apache access as a second class citizen very disconcerting.
>
> Blair's original question was related to *public* svn repositories.

OK. But the issue of denying certain clients by software version may
also be applicable to private repositories.

> svn+ssh:// access is morally equivalent to file:/// access, and is, as
> such, a *local* access protocol (since it requires a local account to be
> associated with the ssh key).

No, svn+ssh:// is not morally equivalent to file:// access. It does
not require a local account to be associated with the ssh key.
You can set up svn+ssh:// access in such a way that a different local
account is associated with each ssh key, in which case it probably
would be morally equivalent to file:// access, and most of the easily
discoverable documentation suggests that you do that, but I would
recommend against doing that because of the poor security properties.

--apb (Alan Barrett)
Received on Tue Feb 13 16:18:18 2007
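
One way to run svn+ssh:// without a local account per ssh key, shown as an added example that is not part of the original message: every key is listed in the `authorized_keys` file of a single shared account and is pinned to `svnserve` in tunnel mode. The account name `svn`, the repository root `/srv/svn`, the user names and the key material are assumptions or placeholders.

```conf
# ~svn/.ssh/authorized_keys for one shared, unprivileged account.
# Assumed names: account "svn", repository root /srv/svn, users alice and bob.
# Key material below is a placeholder, not a real key.

# Weak entry: no forced command. The key holder gets a login shell as "svn"
# and can read or modify the repository files directly, without going
# through svnserve at all.
ssh-ed25519 AAAA...PLACEHOLDER... alice@example.org

# Restricted entries: sshd ignores whatever command the client asks for and
# runs only the forced svnserve command. --tunnel-user sets the author name
# recorded for commits, so it is tied to the key rather than to a local
# account. -r confines access to paths below the repository root. The no-*
# options disable forwarding and terminal allocation for the session.
command="svnserve -t -r /srv/svn --tunnel-user=alice",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA...PLACEHOLDER... alice@example.org
command="svnserve -t -r /srv/svn --tunnel-user=bob",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-ed25519 AAAA...PLACEHOLDER... bob@example.org
```

With the restricted entries, revoking one user's access means deleting that user's line; no local account has to be created or removed.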