[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: Pablo M. Dotro <pdotro_at_df.uba.ar>
Date: Wed, 13 Apr 2011 10:29:06 -0300

On 13/04/2011 09:55 a.m., Feldhacker, Chris wrote:
> http://www.wandisco.com/subversion/tortoisesvn-support
> "Stefan Küng, the TortoiseSVN project's lead developer since 2003, heads WANdisco's team of professionals dedicated to the support, development and enhancement of this widely used Subversion client. This enables us to deliver critical fixes without any delay."
>
> I'd be curious if Stefan's views of secure coding best practices is also the official position of WANdisco...
> Anybody out there with an official support contract with WANdisco want to report this issue through official channels and see where it leads? It's always interesting to gauge just how much vendors selling support for open source products really can/cannot have an influence... Would WANdisco's response also be "go away"?
>
Going over the head of the project's lead developer in public, on his
own users list... not polite.
I would point *another* obvious angle: TortoiseSVN is open source. I am
sure that if the interested parties submit a patch that remedies this
perceived vulnerability, it will be considered. And even if it's not,
everyone is free to create a derivative and include it in their own builds.

-- 
Pablo M. Dotro
pdotro_at_df.uba.ar
Área de Servicios Informáticos
Laboratorios de Enseñanza
Departamento de Física (FCEyN - UBA)
------------------------------------------------------
http://tortoisesvn.tigris.org/ds/viewMessage.do?dsForumId=4061&dsMessageId=2719444
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-13 15:28:25 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.