WARNING: Upcoming authn/authz policy change for svn.collab.net

From: C. Michael Pilato <cmpilato_at_collab.net>
Date: Thu, 30 Jul 2009 13:59:39 -0400

C. Michael Pilato wrote:
> I'm contemplating a relatively minor change of authn/authz policy for
> svn.collab.net. Specifically, I'd like to make two changes:
>
> 1. Allow authenticated repository access only over SSL connections, and
>    anonymous repository access only over non-SSL connections. This means we
>    can stop using throw-away passwords for this server.
>
> 2. Unify the password files on the server into one. Some of our
>    repositories already only allow SSL access (because we keep more sensitive
>    data there), so we have a separate htpasswd file for those where folks
>    currently put better passwords. But maintaining those files isn't as
>    routine and automated as managing our regular svn commit access files, even
>    though there are patterns we could employ to accomplish this. But why have
>    patterns when you can technically guarantee the results you want?
>
> Overall, this should greatly simplify things over the status quo, which offers:
>
> - for one repos, anonymous read / authenticated write / no path-based authz
>   / SSL or non-SSL
> - for another repos, anonymous read / authenticated read+write / path-based
>   authz / SSL or non-SSL
> - for a third repos, authenticated read+write, SSL-only
>
> Confused yet? Yeah.
>
> The only downside I can think of here is that committers will require
> SSL-enabled Subversion clients. While this might not be a problem for most
> of us, it's not clear to me how that affects our casual users (translators,
> contrib maintainers, etc.)
>
> Thoughts?

By now, I really should know better than to just leave discussions of this
sort open. So I've tweaked the Subject line, and I'm amending the above to
include, "Unless I get strong objections in the next couple of days, I'll be
making this change."

C. Michael Pilato <cmpilato_at_collab.net>
CollabNet   <>   www.collab.net   <>   Distributed Development On Demand

Received on 2009-07-30 20:00:13 CEST

This is an archived mail posted to the Subversion Dev mailing list.
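
The policy proposed in the message above (credentials accepted only over SSL, anonymous access only over plain HTTP, one shared htpasswd file) could be expressed as follows. This is an added example, not part of the original mail and not the actual svn.collab.net configuration; it assumes Apache httpd 2.4 with mod_dav_svn and mod_ssl, and the host name, paths and realm name are placeholders.

```apache
# Plain HTTP: anonymous, read-only. No AuthType is configured here, so the
# server never prompts for (or accepts) a password over an unencrypted link.
<VirtualHost *:80>
    ServerName svn.example.org                      # placeholder host
    <Location /repos>
        DAV svn
        SVNParentPath /srv/svn                      # placeholder path
        Require all granted
        # Anything other than the read-only WebDAV methods is refused.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            Require all denied
        </LimitExcept>
    </Location>
</VirtualHost>

# HTTPS: every request must authenticate, so there is no anonymous access
# on this port and passwords only ever travel inside TLS.
<VirtualHost *:443>
    ServerName svn.example.org
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/svn.example.org.pem     # placeholder
    SSLCertificateKeyFile /etc/ssl/private/svn.example.org.key   # placeholder
    <Location /repos>
        DAV svn
        SVNParentPath /srv/svn
        AuthType Basic
        AuthName "Subversion committers"            # placeholder realm
        # One password file shared by every repository under /repos.
        AuthUserFile /etc/svn/htpasswd              # placeholder path
        # Path-based rules (mod_authz_svn) stay per-repository in this file.
        AuthzSVNAccessFile /etc/svn/authz           # placeholder path
        Require valid-user
    </Location>
</VirtualHost>
```

Because the port 80 host carries no authentication directives at all, a client that is pointed at the `http://` URL cannot send its password in the clear even by mistake; committers have to use the `https://` URL.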