[FFmpeg-devel] [RFC] libswscale into the FFmpeg SVN repo

Diego Biurrun diego
Sat Apr 4 22:52:57 CEST 2009 

On Sat, Apr 04, 2009 at 10:25:22PM +0200, Michael Niedermayer wrote:
> On Sat, Apr 04, 2009 at 09:04:57PM +0200, Diego Biurrun wrote:
> > On Sat, Apr 04, 2009 at 06:18:14PM +0200, Michael Niedermayer wrote:
> > > On Sat, Apr 04, 2009 at 05:41:13PM +0200, Christian Iversen wrote:
> > > > Michael Niedermayer wrote:
> > > >> i think the way CVS did versioning was more flexible and powerfull, and
> > > >> no iam not saying the cvs implementation was good, with its non atomic
> > > >> changes, lack of move&copy tracking per directory commit mails ...
> > > >> Fixing the CVS implementation and storing the file path in the RCS files
> > > >> instead of storing the RCS files in the path would have made cvs more
> > > >> powerfull than svn is today. (that is instead of a tree with the rcs files
> > > >> as leafs, there could be a flat list of rcs files where each stores where
> > > >> in the tree it is under which name for each revission or if that revission
> > > >> existed rather outside of the tree in a difeferent repo)
> > > >> And with a RCS file upload/download (aka push/pull) cvs could have been
> > > >> used offline and distributed ...
> > > >> i never understood why people droped cvs and started to work on svn that
> > > >> is in several ways inferrior (less secure, no moving between repos, 
> > > >> database
> > > >> shit, ...)
> > > >
> > > > I'm interested, how is it less secure?
> > > 
> > > IIRC it is vulnerable to simple off line password bruteforcing if one
> > > can listen to any svn traffic, and it is vulnerable to man in the
> > > middle attacks.
> > 
> > How so?
> 
> no authetication of trafic just cram-md5 password check IIRC
> did i miss something?

How would this enable MITM attacks?

What you seem to be missing is to differentiate between issues of
Subversion itself and unrelated usage problems.

> > > cvs goes over ssh ...
> > 
> > CVS does not "go over ssh", the native pserver implementation is a
> > security nightmare.
> > 
> > You can tunnel CVS over ssh, but the same can be done for Subversion.
> 
> the point is, cvs at mphq was over ssh, svn at mphq is not over anything secure

You clearly made a statement about Subversion in general, not over any
specific usage.

Diego

More information about the ffmpeg-devel mailing list