httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@algroup.co.uk>
Subject Re: [PROPOSAL] Move httpd to the subversion repository
Date Mon, 15 Mar 2004 10:52:58 GMT
Justin Erenkrantz wrote:

> --On Sunday, March 14, 2004 11:18 PM -0600 "William A. Rowe, Jr." 
> <wrowe@rowe-clan.net> wrote:
> 
>> as the GNU, ASF, and SF projects all discovered, full backups by third
>> parties are invaluable. What is the equivalent to rsync, and is it as 
>> stable?
> 
> I think you mean cvsup not rsync.  We're currently creating incremental 
> dumps on every commit.  Those can be digitally signed and rsync'd 
> off-site.  This is far more secure and auditable than any CVS-based 
> solution

It is? How? Unless the committer signs (which ISTR was rejected as an 
option when I suggested it, so I'm assuming that doesn't happen), then 
they must be signed by the server - a successful attacker can therefore 
sign his modifications, too. Or am I missing something? (I don't use 
subversion yet, so forgive me if the answer is obvious).

> - and is in fact, one reason why the ASF root@ers and the board 
> want to get off CVS.

It is news to me that the board have expressed this view.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Mime
View raw message