httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Striker <>
Subject Re: [PROPOSAL] Move httpd to the subversion repository
Date Tue, 16 Mar 2004 20:52:49 GMT
On Tue, 2004-03-16 at 21:20, Ben Laurie wrote:
> William A. Rowe, Jr. wrote:
> > At 11:27 AM 3/16/2004, Ben Laurie wrote:
> > 
> >>Justin Erenkrantz wrote:
> >>
> >>
> >>>--On Monday, March 15, 2004 10:52 AM +0000 Ben Laurie <>
> >>>
> >>>
> >>>>It is? How? Unless the committer signs (which ISTR was rejected as an
> >>>>when I suggested it, so I'm assuming that doesn't happen), then they
must be
> >>>>signed by the server - a successful attacker can therefore sign his
> >>>>modifications, too. Or am I missing something? (I don't use subversion
> >>>>so forgive me if the answer is obvious).
> >>>
> >>>We're talking about ensuring the integrity of the repository here, not whether
malicious people can commit.
> >>
> >>I know.
> > 
> > 
> > Uhm I beg to differ - I care about both issues :)
> I didn't say I didn't care! I said I knew what we were talking about. I 
> also care about malicious users.

Can we please move this discussion to infrastructure@?

A lot of the points discussed aren't about technical problems of httpd
moving over, but overall topics concerning our setup.  Most of the
concerns that have come up are things that people not directly
involved with Infrastructure are likely never having to deal with.

PKI, integrated with/on top of, Subversion, can be a joint effort
between the Infrastructure and Security Team.  If a good, practical
solution can be put together we can start looking how to roll that


View raw message