On 10 December 2017 at 17:46, Yuri <y...@rawbw.com> wrote: > On 12/10/17 09:39, Igor Mozolevsky wrote: > > There has been no instance of in-transit compromise reported since SVN was > introduced. > > Even when the back-end was compromised, there was not detectable compromise > of the codebase [1]. So even if the codebase was compromised, unless > people**really knew** what they were doing, HTTPS would seed a false sense of > security. > > > This is another incarnation of the bogus argument: https also has some > vulnerabilities, so let's just stay with a completely insecure http until > some ideal solution will be found in the future. >
Hypothetical MITM-bogeyman and "suits not knowing that I use FreeBSD" doesn't make SVN over HTTP insecure. -- Igor M. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
