subversion-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bert Huijben <>
Subject RE: svn+ssh long-lived daemon
Date Fri, 20 Nov 2015 17:36:16 GMT
But in case of git you have git-ssh like servers implemented as a combination of two tools
which avoid these problems. (Sometimes in java though). Perhaps we could also look in that
direction instead of looking at a new protocol between svnserve and ssh.

Or checking if ssh style public key authentication could be introduced directly in the svnserve

Both these options would also fix the problems raised.


Sent from Outlook Mail for Windows 10 phone

From: Mark Phippard
Sent: vrijdag 20 november 2015 15:20
To: Bert Huijben
Cc: Philip Martin;Ivan Zhakov;Daniel Shahaf;
Subject: Re: svn+ssh long-lived daemon

I've always felt the same, but now that I've used SSH more (with Git) I kind of question it.

Are HTTP client certs much better than passwords?  The cert itself still has to be physically
secured and if you protect the cert with a passphrase then you have all of the same cache
problems that passwords do.

With SSH there is infrastructure like ssh-agent that just does not exist for HTTP.


On Fri, Nov 20, 2015 at 9:16 AM, Bert Huijben <> wrote:
With the right tooling both operations should be equivalent. Perhaps it is easier to spend
time on that.
Sent from Outlook Mail for Windows 10 phone

From: Philip Martin
Sent: vrijdag 20 november 2015 12:21
To: Ivan Zhakov
Cc: Daniel Shahaf;
Subject: Re: svn+ssh long-lived daemon
Ivan Zhakov <> writes:
> 5. HTTPS authentication using client certificates
Client certificates are a possibility.  There are some drawbacks: the
signing authority has to be maintained, revoking a certificate is more
complicated than removing a key from the authorized_keys file.
Philip Martin


Mark Phippard

View raw message