Bugzilla – Full Text Bug Listing
| Summary: | Please add http: access for /svnroot/dsdp | ||
|---|---|---|---|
| Product: | Community | Reporter: | Martin Oberhuber <mober.at+eclipse> |
| Component: | Subversion | Assignee: | Eclipse Webmaster <webmaster> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | P3 | CC: | dgaff.eclipse, eugene, felix.burton |
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
| Bug Depends on: | 214493 | ||
| Bug Blocks: | |||
|
Description
Martin Oberhuber
The webmasters feel that there is an inherent risk in enabling https access to the repository, as we need to grant write access to our web server to the complete repository. Anyone who exploits any hole in our website code can potentially gain write access to your repository. If you only want http, then there is no problem, but http is anonymous-only. https would be for committers. Please confirm if you just want http, or both http and https (for commit access). Just http: is fine for me. If https: is a risk, can it be removed from all the repositories, and from the SVN_Howto Wiki page? Currently, /svnroot/technology is accessible through https. > If https: is a risk, can it be removed from all the repositories, and from the > SVN_Howto Wiki page? Currently, /svnroot/technology is accessible through > https. Trust me, we struggled hard to not implement it at all. Some projects in Technology need it, as some committers behind corporate firewalls cannot establish ssh connections. They are aware of the implications but have no other choice. See bug 168282 for the nitty gritty. I've updated the SVN howto document to reflect this. Done. http://dev.eclipse.org/svnroot/dsdp You'll still need to commit changes via svn+ssh. -M. |