subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <nka...@gmail.com>
Subject Fine and secure dining, was Re: svnadmin create and not being method agnostic
Date Mon, 03 Jan 2011 03:43:31 GMT
[ Changing the subject line, this has gone off the deep end, partly my fault. ]

On Sun, Jan 2, 2011 at 7:50 PM, Tony Sweeney <tsweeney@omnifone.com> wrote:
>
>
> -----Original Message-----
> From: Nico Kadel-Garcia [mailto:nkadel@gmail.com]

>>It's not cow. Subversion security is *goat*. Inexpensive to buy the
>>unprepared meat, but it;'s fairly gamey, risky for inexperienced
>>chefs, and raises suspicious eyebrows if anyone sees you with the big
>>hammer you need to tenderize it. But if the chef's time costs less
>>than the raw materials, some customers want it.
>
> Ahem.  Subversion security is not goat.  Goat is fine eating, from the Caribbean to
the middle east and central and southern Asia.  Subversion security is *roadkill*.  At the
top end, Apache security is venison; a delicacy that many would be happy to pay for or indeed
to hunt themselves.  At the low end, svnserve security is possum; hey, it's free, and it
does the job so long as you hold your nose while you swallow.  I'll leave it to others to
fill in the intermediate tiers/tieren*.

Dude, I've eaten all of them. Goat is fine eating after you've hidden
the actual flavor of the goat, it's very tough meat and very gamey.
(High uric acid content.) Possum is, admittedly, even more gamey, at
least when I've had it. (Although I wasn't the cook.)

It's possible to do secure Subversion. Use svn+ssh access, disable or
block other services at the firewall, and keep it away from HTTP/HTTPS
in order to prevent UNIx or Linux client plaintext password storage.
It's just tricky and a lot of work, and you wind up having to do it
yourself due to the non-existent Subversion specific shell for
designated 'svn' users, and the lack of a CGI utility that would
support suexec operations for suexec based shell sites, and the fact
that "svnadmin hotcopy" doesn't preserve permissions or uid/gid
settings when you duplicate repositories.

Mime
View raw message