On 12/10/17 09:39, Igor Mozolevsky wrote:
There has been no instance of in-transit compromise reported since SVN was
introduced.
Even when the back-end was compromised, there was not detectable compromise
of the codebase [1]. So even if the codebase was compromised, unless people
*really knew* what they were doing, HTTPS would seed a false sense of
security.
This is another incarnation of the bogus argument: https also has some
vulnerabilities, so let's just stay with a completely insecure http
until some ideal solution will be found in the future.
Yuri
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
