[FFmpeg-devel] [RFC] libswscale into the FFmpeg SVN repo

Måns Rullgård mans
Sat Apr 4 23:16:31 CEST 2009 

Diego Biurrun <diego at biurrun.de> writes:

> On Sat, Apr 04, 2009 at 10:00:09PM +0100, M?ns Rullg?rd wrote:
>> Diego Biurrun <diego at biurrun.de> writes:
>> 
>> > On Sat, Apr 04, 2009 at 10:25:22PM +0200, Michael Niedermayer wrote:
>> >> On Sat, Apr 04, 2009 at 09:04:57PM +0200, Diego Biurrun wrote:
>> >> > On Sat, Apr 04, 2009 at 06:18:14PM +0200, Michael Niedermayer wrote:
>> >> > > On Sat, Apr 04, 2009 at 05:41:13PM +0200, Christian Iversen wrote:
>> >> > > > Michael Niedermayer wrote:
>> >> > > >> i think the way CVS did versioning was more flexible and
>> >> > > >> powerfull, and no iam not saying the cvs implementation was
>> >> > > >> good, with its non atomic changes, lack of move&copy
>> >> > > >> tracking per directory commit mails ...  Fixing the CVS
>> >> > > >> implementation and storing the file path in the RCS files
>> >> > > >> instead of storing the RCS files in the path would have made
>> >> > > >> cvs more powerfull than svn is today. (that is instead of a
>> >> > > >> tree with the rcs files as leafs, there could be a flat list
>> >> > > >> of rcs files where each stores where in the tree it is under
>> >> > > >> which name for each revission or if that revission existed
>> >> > > >> rather outside of the tree in a difeferent repo) And with a
>> >> > > >> RCS file upload/download (aka push/pull) cvs could have been
>> >> > > >> used offline and distributed ...  i never understood why
>> >> > > >> people droped cvs and started to work on svn that is in
>> >> > > >> several ways inferrior (less secure, no moving between
>> >> > > >> repos, database shit, ...)
>> >> > > >
>> >> > > > I'm interested, how is it less secure?
>> >> > > 
>> >> > > IIRC it is vulnerable to simple off line password bruteforcing if one
>> >> > > can listen to any svn traffic, and it is vulnerable to man in the
>> >> > > middle attacks.
>> >> > 
>> >> > How so?
>> >> 
>> >> no authetication of trafic just cram-md5 password check IIRC
>> >> did i miss something?
>> >
>> > How would this enable MITM attacks?
>> 
>> The server will not notice if an attacker intercepts the connection
>> and alters some data after the authentication has succeeded.
>
> All you need is an encrypted connection.

Which the usual svn protocol doesn't provide.

-- 
M?ns Rullg?rd
mans at mansr.com

More information about the ffmpeg-devel mailing list