[MPlayer-dev-eng] Re: svn account for C.E. Hoyos

Ivan Kalvachev ikalvachev at gmail.com
Mon Mar 19 01:37:24 CET 2007


2007/3/19, Rich Felker <dalias at aerifal.cx>:
> On Mon, Mar 19, 2007 at 01:32:50AM +0200, Ivan Kalvachev wrote:
> > 2007/3/19, Carl Eugen Hoyos <cehoyos at ag.or.at>:
> > >Uoti Urpala <uoti.urpala <at> pp1.inet.fi> writes:
> > >
> > >> If you tried to log in there using your svn password that means you kept
> > >> sending the password in cleartext, which isn't such a smart thing to
> > >> do...
> > >
> > >I didn't know that svn is sending encrypted passwords.
> >
> > They are hashed (cram), not plaintext.
> >
> > There was a mail thead about svn passwords, can't find it now. I guess
> > when svn+ssl is released we'd switch to it.
>
> Why? The authentication process is secure. More secure than buggy ssl
> implementations that might lead to privilege elevation.. :)

I don't understand what privilege elevations are you talking abuot.
Maybe you think for ssh, or apache2?

There is (was) native svn protocol with ssl in development, but I have
no idea if it  have been merged or is still in development.

http://svn.collab.net/viewvc/svn/branches/svnserve-ssl/

> > I think that our ftp server should support some form of encryption,
> > but it is not enforced.
>
> There is no such thing as encryption for ftp.

http://en.wikipedia.org/wiki/Ftps



More information about the MPlayer-dev-eng mailing list