
Re: cvs.debian.org problem



On Thu, Jan 30, 2003 at 11:58:59PM -0500, Matt Zimmerman wrote:
> On Thu, Jan 30, 2003 at 02:21:35PM -0600, Steve Greenland wrote:
> > Are you saying that network access via subversion is no more secure than
> > CVS pserver? Can you point me at info about this? (I'm not arguing with
> > you, I'm just surprised, as I thought one of the goals of svn was better
> > c/s than CVS.)
> 
> I don't know whether it is a goal or not, but subversion is still very much
> under development, and some of its goals have not yet been met.
> 
> Currently, the only secure access method for subversion is to use a local
> repository.  cvs can be quite reasonably secured using rsh-tunneled
> operation with ssh, while the only network option for subversion is https,
> and subversion does not verify server certificates, leaving the door open
> for a man-in-the-middle attack.
> 
> At least, this was the case when I last investigated it.

You're now out of date. As of 0.16 or so, Subversion has an
SSH-tunnellable protocol (ra_svn), and work on SSL certificates is
progressing.

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]


