[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Credentials held unencrypted in memory during runtime

From: Pablo M. Dotro <pdotro_at_df.uba.ar>
Date: Wed, 13 Apr 2011 10:29:06 -0300

On 13/04/2011 09:55 a.m., Feldhacker, Chris wrote:
> http://www.wandisco.com/subversion/tortoisesvn-support
> "Stefan Küng, the TortoiseSVN project's lead developer since 2003, heads WANdisco's team of professionals dedicated to the support, development and enhancement of this widely used Subversion client. This enables us to deliver critical fixes without any delay."
> I'd be curious if Stefan's views of secure coding best practices is also the official position of WANdisco...
> Anybody out there with an official support contract with WANdisco want to report this issue through official channels and see where it leads? It's always interesting to gauge just how much vendors selling support for open source products really can/cannot have an influence... Would WANdisco's response also be "go away"?
Going over the head of the project's lead developer in public, on his
own users list... not polite.
I would point *another* obvious angle: TortoiseSVN is open source. I am
sure that if the interested parties submit a patch that remedies this
perceived vulnerability, it will be considered. And even if it's not,
everyone is free to create a derivative and include it in their own builds.

Pablo M. Dotro
Área de Servicios Informáticos
Laboratorios de Enseñanza
Departamento de Física (FCEyN - UBA)
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_tortoisesvn.tigris.org].
Received on 2011-04-13 15:28:25 CEST

This is an archived mail posted to the TortoiseSVN Users mailing list.