[tools-pmc] [Fwd: Re: http and https for /svnroot/tools]
Hi Matt,
Is this risk assessment based on actual events with SVN repositories
that have been compromised by the Apache daemon?
I've been trying to dig up more information about this but I can't find
anything. Does the recommendation stem from the Subversion community?
Personally, I think that we are in good shape with respect to code
protection. I'm sure you keep daily backups and if the absolute worst
should happen and even the backups would burn, there are still plenty of
checked out sources around.
Regards,
Thomas Hallgren
-------- Original Message --------
Subject: Re: http and https for /svnroot/tools
Date: Wed, 13 Feb 2008 11:13:27 -0500
From: Webmaster(Matt Ward) <webmaster@xxxxxxxxxxx>
To: Thomas Hallgren <thomas@xxxxxxx>
References: <47B30943.7050405@xxxxxxx> <47B312C4.2050009@xxxxxxxxxxx>
<47B313F5.1070809@xxxxxxx>
Hi Thomas,
Ultimately because it requires that the apache daemon have full access
to the repo, so should something happen to the apache daemon your
repository could be at risk. You folks put a lot of effort into this
code so we err on the side of caution to protect that hard work.
-Matt.
Just out of curiosity, why do you recommend strongly against use of
https?
- thomas
Webmaster(Matt Ward) wrote:
Hi Thomas,
This is because by default we don't expose SVN via http/https. We
strongly recommend against using the https access method and it is
enabled for the technology project only because there are committers
behind a firewall that does not allow SSH connections. I can enable
anonymous browsing via http but that request really should come from
the Tools PMC.
-Matt.
Thomas Hallgren wrote:
Hi,
I'm no longer able to access the Buckminster SVN repository using
http and https. I'm not sure if that happened during the move from
technology to tools or if it happened during the last two days when
I encountered the other (SVNKit/JavaHL related) access problem.
Can you please check? I would like both http and https enabled if
that's OK.
Thanks,
Thomas Hallgren
--
Eclipse WebMaster - webmaster@xxxxxxxxxxx
Questions? Consult the WebMaster FAQ at http://wiki.eclipse.org/index.php/Webmaster_FAQ
View my status at http://wiki.eclipse.org/index.php/WebMaster