[fossil-users] server SSL support
Hi, could you, please, implement built-in SSL support in fossil server? This will make collaboration easier, since there will be no need to configure/run a separate webserver... Thank you, ST ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] server SSL support
why not put it inside in order not to bother with 3rd party stuff? On Tue, 2012-11-13 at 15:01 +0100, Joerg Sonnenberger wrote: On Tue, Nov 13, 2012 at 04:05:17PM +0200, ST wrote: Hi, could you, please, implement built-in SSL support in fossil server? This will make collaboration easier, since there will be no need to configure/run a separate webserver... You can use stunnel or other wrappers easily. Joerg ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] server SSL support
On Nov 13, 2012, at 15:09 , ST wrote: why not put it inside in order not to bother with 3rd party stuff? To keep the core small? Kind regards, Remigiusz Modrzejewski ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] server SSL support
On 11/13/2012 03:12 PM, Remigiusz Modrzejewski wrote: On Nov 13, 2012, at 15:09 , ST wrote: why not put it inside in order not to bother with 3rd party stuff? To keep the core small? Also, safer. TLS is a bag of vulnerabilities waiting for a chance* to get out; better to keep it closed, in a separate unprivileged chrooted process. *) chances to get out are greatly improved if combined with insanity of OpenSSL API. See also http://www.daemonology.net/blog/2009-09-28-securing-https.html -- Dmitry Chestnykh http://www.codingrobots.com ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] server SSL support
-Original Message- From: fossil-users-boun...@lists.fossil-scm.org [mailto:fossil-users- boun...@lists.fossil-scm.org] On Behalf Of Remigiusz Modrzejewski Sent: Tuesday, November 13, 2012 6:12 AM To: Fossil SCM user's discussion Subject: Re: [fossil-users] server SSL support On Nov 13, 2012, at 15:09 , ST wrote: why not put it inside in order not to bother with 3rd party stuff? To keep the core small? A recent survey of apps that provided built-in SSH implementations found that nearly 70% included significant security flaws not present in external packages. The main problems were cutpaste errors, and failure to track updates to borrowed or hard-linked code. On the flip side, including encryption may make your app illegal for export to, or use within, certain countries. If a highly-regarded external app will provide the needed encryption, use it! -BobC ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
Re: [fossil-users] server SSL support
On the other hand I think that what has been said in this topic should be in the FAQ of the fossil site. Maybe with a link to an fool proof how-to. 2012/11/13, Cunningham, Robert rcunning...@nsmsurveillance.com: -Original Message- From: fossil-users-boun...@lists.fossil-scm.org [mailto:fossil-users- boun...@lists.fossil-scm.org] On Behalf Of Remigiusz Modrzejewski Sent: Tuesday, November 13, 2012 6:12 AM To: Fossil SCM user's discussion Subject: Re: [fossil-users] server SSL support On Nov 13, 2012, at 15:09 , ST wrote: why not put it inside in order not to bother with 3rd party stuff? To keep the core small? A recent survey of apps that provided built-in SSH implementations found that nearly 70% included significant security flaws not present in external packages. The main problems were cutpaste errors, and failure to track updates to borrowed or hard-linked code. On the flip side, including encryption may make your app illegal for export to, or use within, certain countries. If a highly-regarded external app will provide the needed encryption, use it! -BobC ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users ___ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users