> -----Original Message----- > From: [email protected] [mailto:fossil-users- > [email protected]] On Behalf Of Remigiusz Modrzejewski > Sent: Tuesday, November 13, 2012 6:12 AM > To: Fossil SCM user's discussion > Subject: Re: [fossil-users] server SSL support > > > On Nov 13, 2012, at 15:09 , ST wrote: > > > why not put it inside in order not to bother with 3rd party stuff? > > To keep the core small?
A recent survey of apps that provided built-in SSH implementations found that nearly 70% included significant security flaws not present in external packages. The main problems were cut&paste errors, and failure to track updates to borrowed or hard-linked code. On the flip side, including encryption may make your app illegal for export to, or use within, certain countries. If a highly-regarded external app will provide the needed encryption, use it! -BobC _______________________________________________ fossil-users mailing list [email protected] http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
