[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: reposurgeon now writes Subversion repositories

From: Eric S. Raymond <esr_at_thyrsus.com>
Date: Sat, 1 Dec 2012 01:03:28 -0500

kmradke_at_rockwellcollins.com <kmradke_at_rockwellcollins.com>:
> Possibly I'm naive, but a client provided email address is far
> from being a GUID. In fact, I can pretty much set my email address
> to anything in most DVCS tools. Who is to say I haven't used
> your email address when committing?

Technically, nothing. The underlying assumption is that you trust
your contributors not to *want* to spoof each other.

Sure, it would be nice to have better authentication than that, but
if you think for a bit you'll see that this is a very hard problem.
The cost of solving it would so high that DVCSes have decided they have
to ignore the spoofing case and hope everybody behaves well.

So far, this has worked.

-- 
		Eric S. Raymond
Received on 2012-12-01 07:04:11 CET

This is an archived mail posted to the Subversion Dev mailing list.