Hi, Am Dienstag, den 04.09.2007, 13:10 -0700 schrieb Kaleb Pederson: > Yes, you are exactly right. This was discovered a while ago and documented > in > our SECURITY document currently only in CVS. You can see it here: > > http://scponly.cvs.sourceforge.net/scponly/scponly/SECURITY?revision=1.1&view=markup > > We have debated whether or not support for svn and svnserve should be removed > entirely or if it should be controllable by the system administrator. As the > OS can be configured to safely allow svn/svnserve, I think we leaned towards > making it obvious what the ramifications of the different options are and > leaving it up to the discretion of the system administrator. For instances > where the svn repository is actually controlled by the administrator, this > makes perfect sense. > > Please forgive us that this wasn't brought to the attention of the community > earlier, unfortunately our time limits us more than we like. > > Community members, please let us know what your feelings on this are so that > we have as few surprises as possible with our next release.
I assume then that svn/svnserve support is by default off in the original package and that the Debian package should also not have svn/svnserve support. Greetings, Joachim -- Joachim "nomeata" Breitner Debian Developer [EMAIL PROTECTED] | ICQ# 74513189 | GPG-Keyid: 4743206C JID: [EMAIL PROTECTED] | http://people.debian.org/~nomeata -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
