[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Fine and secure dining, was Re: svnadmin create and not being method agnostic

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sun, 2 Jan 2011 22:43:31 -0500

[ Changing the subject line, this has gone off the deep end, partly my fault. ]

On Sun, Jan 2, 2011 at 7:50 PM, Tony Sweeney <tsweeney_at_omnifone.com> wrote:
>
>
> -----Original Message-----
> From: Nico Kadel-Garcia [mailto:nkadel_at_gmail.com]

>>It's not cow. Subversion security is *goat*. Inexpensive to buy the
>>unprepared meat, but it;'s fairly gamey, risky for inexperienced
>>chefs, and raises suspicious eyebrows if anyone sees you with the big
>>hammer you need to tenderize it. But if the chef's time costs less
>>than the raw materials, some customers want it.
>
> Ahem.  Subversion security is not goat.  Goat is fine eating, from the Caribbean to the middle east and central and southern Asia.  Subversion security is *roadkill*.  At the top end, Apache security is venison; a delicacy that many would be happy to pay for or indeed to hunt themselves.  At the low end, svnserve security is possum; hey, it's free, and it does the job so long as you hold your nose while you swallow.  I'll leave it to others to fill in the intermediate tiers/tieren*.

Dude, I've eaten all of them. Goat is fine eating after you've hidden
the actual flavor of the goat, it's very tough meat and very gamey.
(High uric acid content.) Possum is, admittedly, even more gamey, at
least when I've had it. (Although I wasn't the cook.)

It's possible to do secure Subversion. Use svn+ssh access, disable or
block other services at the firewall, and keep it away from HTTP/HTTPS
in order to prevent UNIx or Linux client plaintext password storage.
It's just tricky and a lot of work, and you wind up having to do it
yourself due to the non-existent Subversion specific shell for
designated 'svn' users, and the lack of a CGI utility that would
support suexec operations for suexec based shell sites, and the fact
that "svnadmin hotcopy" doesn't preserve permissions or uid/gid
settings when you duplicate repositories.
Received on 2011-01-03 04:50:47 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.