http subversion URLs should be discontinued in favor of https URLs
Yuri
yuri at rawbw.com
Sun Dec 10 17:48:41 UTC 2017
On 12/10/17 09:39, Igor Mozolevsky wrote:
> There has been no instance of in-transit compromise reported since SVN was
> introduced.
>
> Even when the back-end was compromised, there was not detectable compromise
> of the codebase [1]. So even if the codebase was compromised, unless people
> *really knew* what they were doing, HTTPS would seed a false sense of
> security.
This is another incarnation of the bogus argument: https also has some
vulnerabilities, so let's just stay with a completely insecure http
until some ideal solution will be found in the future.
Yuri
More information about the freebsd-security
mailing list