subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nico Kadel-Garcia <>
Subject Re: Secure svnserve?
Date Sat, 26 Nov 2016 14:22:14 GMT
On Fri, Nov 25, 2016 at 5:11 AM, Olaf van der Spek <> wrote:
> Hi,
> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
> move it to a server on the internet but I don't get how to do this
> securely.
> Svnserve doesn't support encryption, right, so I can't expose it on a
> public port directly.

svn+ssh works quite well, and gets *away* from the horrible, horrible
tendency of clients to save a passphrase in clear text by default.
That single behavior is one of the big reasons not to use most
Subversion sites by default. svn+ssh has a similar, but not quite as
egregious, problem that the SSH client tools can also store SSH keys
without a passphrase, by default. But an SSH private key is less
likely to be the same password used by a careless employee or
developer for their logins, email, banking, and online game logins.

> I'm aware of Subversion via Apache but I don't run Apache and I don't
> want to give the entire web server access to repos anyway.
> I also don't want to give each SVN user a shell account..
> What's the proper way to do this?
> Wouldn't it be good if svnserve supported encryption directly?
> --
> Olaf

See above. And yes, it might be useful, but integrating encryption
into high performance can seriously destabilize it.

View raw message