[FFmpeg-devel] [RFC] libswscale into the FFmpeg SVN repo

Michael Niedermayer michaelni
Sat Apr 4 22:25:22 CEST 2009 

On Sat, Apr 04, 2009 at 09:04:57PM +0200, Diego Biurrun wrote:
> On Sat, Apr 04, 2009 at 06:18:14PM +0200, Michael Niedermayer wrote:
> > On Sat, Apr 04, 2009 at 05:41:13PM +0200, Christian Iversen wrote:
> > > Michael Niedermayer wrote:
> > >> i think the way CVS did versioning was more flexible and powerfull, and
> > >> no iam not saying the cvs implementation was good, with its non atomic
> > >> changes, lack of move&copy tracking per directory commit mails ...
> > >> Fixing the CVS implementation and storing the file path in the RCS files
> > >> instead of storing the RCS files in the path would have made cvs more
> > >> powerfull than svn is today. (that is instead of a tree with the rcs files
> > >> as leafs, there could be a flat list of rcs files where each stores where
> > >> in the tree it is under which name for each revission or if that revission
> > >> existed rather outside of the tree in a difeferent repo)
> > >> And with a RCS file upload/download (aka push/pull) cvs could have been
> > >> used offline and distributed ...
> > >> i never understood why people droped cvs and started to work on svn that
> > >> is in several ways inferrior (less secure, no moving between repos, 
> > >> database
> > >> shit, ...)
> > >
> > > I'm interested, how is it less secure?
> > 
> > IIRC it is vulnerable to simple off line password bruteforcing if one
> > can listen to any svn traffic, and it is vulnerable to man in the
> > middle attacks.
> 
> How so?

no authetication of trafic just cram-md5 password check IIRC
did i miss something?


> 
> > cvs goes over ssh ...
> 
> CVS does not "go over ssh", the native pserver implementation is a
> security nightmare.
> 
> You can tunnel CVS over ssh, but the same can be done for Subversion.

the point is, cvs at mphq was over ssh, svn at mphq is not over anything secure

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is not what we do, but why we do it that matters.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20090404/e456fdc8/attachment.pgp>

More information about the ffmpeg-devel mailing list