Secure SVN access

Greeetings to php-core developers,

Am I right that there is no https:// and svn+ssh:// access to
svn.php.net repositories?
If that's the case - how do you feel about sniffing developer's
passwords?

We use Digest authentication so while they are sniffable its not
replayable and they are hashed with a nonce.

Scott

Hi anatoly,

there problem is not only with SVN. In principle if a developer logs in to
the PHP bug tracking system on http://bugs.php.net he also uses his password
in plain text. Because of this, I see no difference here. I personally use a
different password for PHP and no high-security one I use elsewhere.

In general PHP is Open Source Software, if somebody misuses a PHP's
developers passwords, all these changes can be reverted in SVN, so I see no
problem. Additionally all commits are reviewed by the commit mailing list
subscribers (all developers).

Uwe Schindler
thetaphi@php.net - http://www.php.net
NSAPI SAPI developer
Bremen, Germany

-----Original Message-----
From: techtonik@gmail.com [mailto:techtonik@gmail.com] On Behalf Of
techtonik
Sent: Thursday, September 03, 2009 2:48 PM
To: internals@lists.php.net
Subject: [PHP-DEV] Secure SVN access

Greeetings to php-core developers,

Am I right that there is no https:// and svn+ssh:// access to
svn.php.net repositories?
If that's the case - how do you feel about sniffing developer's passwords?

Please, CC.

--anatoly t.

2009/9/3 techtonik techtonik@php.net:

Greeetings to php-core developers,

Am I right that there is no https:// and svn+ssh:// access to
svn.php.net repositories?
If that's the case - how do you feel about sniffing developer's passwords?

Please, CC.

--anatoly t.

--

Was this any different when using cvs?

--

Richard Quadling
"Standing on the shoulders of some very clever giants!"
EE : http://www.experts-exchange.com/M_248814.html
Zend Certified Engineer : http://zend.com/zce.php?c=ZEND002498&r=213474731
ZOPA : http://uk.zopa.com/member/RQuadling