[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: FSFS and Security

From: Eric Gillespie <epg_at_pretzelnet.org>
Date: 2004-12-01 18:10:36 CET

kfogel@collab.net writes:

> Eric Gillespie <epg@pretzelnet.org> writes:
> > Incorrect. One of the best features of the FSFS back-end is that
> > read access does not require write access, finally making a
> > public Subversion server more than just a toy.
> That was an odd definition of "toy", I must say :-).

Not really. Allowing apache of all things to write to your
repository is a disaster waiting to happen. svnserve also
probably has more vulnerabilities waiting to be discovered.
Until FSFS, the only way to allow public read access to your
repository was to engage in potentially expensive mirroring
solutions, and even then it leaves the anonymous consumers with
no reason to trust the writable mirror.

Yes, i know svn.collab.net does exactly this. But its users also
transmit their passwords in the clear. Not exactly a model of
security :).

Don't get me wrong, i've been a huge fan of Subversion since way
before we had FSFS, and have devoted a lot of effort to it during
all that time. And i will continue to do so :). But i could do
that because i knew someone would get around to fixing the
writability eventually.

Eric Gillespie <*> epg@pretzelnet.org

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Dec 1 18:12:51 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.