Jing Luo wrote:
> Now that it's almost 2024, HTTP/2 is support by apache2 is mature, it's
> probably time for savannah and *.gnu.org to support HTTP/2. It brings better
> performance and requires TLS 1.3, but I'll leave this discussion/decision to
> FSF admins.
HTTP/2 brings more performance but
On Sat, Feb 24, 2024 at 02:07:15PM -0700, Bob Proulx wrote:
>
> I see that nothing more has happened on this issue since then. My bad
> that I have been busy with other things and not driving on this issue.
>
> What's the plan to address the security vulnerability by having this
> private
Ineiev wrote:
> I'm not sure why. the permissions will prevent anonymous access.
> that's what Savannah has always done with CVS directories of private
> groups.
This is in a PUBLIC DIRECTORY. Everything has always assumed that all
of those files are publically accessible files. Trying to block
Ineiev wrote:
> I have a hypothesis. I may have changed the permissions when
> I modified sv_groups to create repositories of private groups
> with less permissive access in November. gnueval was the only
> private group using Subversion, so no other repositories were
> affected.
I see that