Re: RFC: New authn/authz policy for svn.collab.net

From: Jeremy Whitlock <jcscoobyrs_at_gmail.com>
Date: Thu, 30 Jul 2009 11:41:34 -0600

>
>> I disagree. Doing this adds unnecessary complication to the configuration
>> (some of which is exactly the kind of thing I'm trying to get rid of by
>> applying the rules I suggested), unnecessary performance/load penalties to
>> the server (why do we want to be doing SSL calculations for anonymous
>> accessors?), and all while bringing no discernible benefit to the users.
>>
>>
>
> SSL for anonymous access prevents MITM attacks on downloads from the
> repository.
>
Subversion's source code isn't something that is hidden so why is a MITM
scenario a concern? If a MITM scenario does occur, SSL or not, there is
a bigger problem that Subversion's server configuration can't help with.

-- 
Jeremy Whitlock
http://www.thoughtspark.org
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=462&dsMessageId=2377068

Received on 2009-07-30 19:42:09 CEST

This message: [ Message body ]
Next message: Julian Foad: "Re: RFC: New authn/authz policy for svn.collab.net"
Previous message: Julian Foad: "Re: issue 3342 - summary of conflicts and skips [was: ... 3432 ...]"
In reply to: Alec Kloss: "Re: RFC: New authn/authz policy for svn.collab.net"
Next in thread: Stefan Sperling: "Re: RFC: New authn/authz policy for svn.collab.net"
Reply: Stefan Sperling: "Re: RFC: New authn/authz policy for svn.collab.net"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]