On Fri, Nov 25, 2016 at 11:20 AM, Branko Čibej <brane_at_apache.org> wrote:
> On 25.11.2016 11:11, Olaf van der Spek wrote:
>> Hi,
>>
>> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
>> move it to a server on the internet but I don't get how to do this
>> securely.
>> Svnserve doesn't support encryption, right, so I can't expose it on a
>> public port directly.
>> I'm aware of Subversion via Apache but I don't run Apache and I don't
>> want to give the entire web server access to repos anyway.
>> I also don't want to give each SVN user a shell account..
>> What's the proper way to do this?
>
> Use stunnel in front of svnserve:
>
> https://www.stunnel.org/
>
>
> HOWEVER:
>
> You'll also have to put stunnel on every _client_ machine because the
> Subversion client does not support encrypte svn:// protocol natively.
> Depending on the kinds of clients you support, that could be either very
> easy or extremely complex.
I'm using TortoiseSVN on Windows and the command-line client on Linux.
>
>> Wouldn't it be good if svnserve supported encryption directly?
>
> It would be a moderately nice-to-have feature, but given that stunnel
> exists, it's not necessary. In fact, it's better not to reinvent
> security features that are available in existing, mature software.
Using TLS isn't exactly reinventing security features is it?
Received on 2016-11-25 11:29:40 CET