Hi Nico,
Certainly none of those REQUIRE http.
However, I take it that you grant Kalin's
point that http "is useful" (read "as safe
and faster") than https IN THOSE 3
circumstances?
If you don't, I wonder how you recommend
sending stuff to non-certificated people?
As a particular example, the website
cvsdude sets up an svn server
for you for $10 per month via
http, or $30 per month via https.
Do you recommend: always spend the extra
$20 per month?
Nico Kadel-Garcia wrote:
> Not a single one of these require HTTP instead of HTTPS. There's just no
> excuse for it, except possibly that you don't want people whining that
> "I have to click to accept the unsigned key because you're too cheap to
> buy us an authenticated SSL key, boo-hoo".
>
> It's like sending people passwords via email. It's so dangerous in so
> many cases that there's just no excuse for doing it, even when it's
> relatively safe.
Kalin Kozhuharov wrote:
>> ... a few examples where http is useful:
>> 1. A VPN endpoint and SVN/HTTP server on the same machine, no acces
>> except through the (encrypted) VPN
>> 2. A physically secure and isolated (from the Net) LAN
>> 3. Anonymous (RO) public repositories
Nico Kadel-Garcia wrote:
>>> ... HTTP should frankly never be used. ...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Apr 27 13:32:22 2006