Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Buckminster dev » https and Buckminster
https and Buckminster [message #3468] Wed, 13 February 2008 15:36 Go to next message
Thomas Hallgren is currently offline Thomas Hallgren
Messages: 3208
Registered: July 2009
Senior Member
This posting concerns Buckminster committers only.

I've been having a dialog with Matt (webmaster at Eclipse) concerning https access to the
Buckminster SVN repository. Apparently there's an increased risk for malicious attacks when using
this protocol so it's not recommended unless we really have the need for it. The 'need' can be
categorized in two:

1. Need to use https because it's too damn hard to set up proper ssl handshake.
2. Need to use https because you're behind a firewall that doesn't permit ssl.

#1 is possible to overcome. In fact, we did add a pretty good web-page that explains how to do this
a while back. You can view it here:

http://wiki.eclipse.org/Committer_access_%28Buckminster%29

#2 is a real problem. But AFAIK, none of the committers to this project is in this position. If I'm
wrong and you are or expect to be in a near future, let me know.

For now, I will retract my request for https access to the Buckminster SVN.

Anonymous http access to our SVN is enabled as of today and it seems to work just fine.

Regards,
Thomas Hallgren
Re: https and Buckminster [message #13673 is a reply to message #3468] Thu, 03 April 2008 18:47 Go to previous message
Henrik Lindberg is currently offline Henrik Lindberg
Messages: 2493
Registered: July 2009
Senior Member
Hi, I recently switched to using a Mac and OS X, and I am not sure how
easy it is to set up svn+ssh. So, what I am really saying is that I may
come back with a request to use https :)

- henrik

Thomas Hallgren wrote:
> This posting concerns Buckminster committers only.
>
> I've been having a dialog with Matt (webmaster at Eclipse) concerning
> https access to the Buckminster SVN repository. Apparently there's an
> increased risk for malicious attacks when using this protocol so it's
> not recommended unless we really have the need for it. The 'need' can be
> categorized in two:
>
> 1. Need to use https because it's too damn hard to set up proper ssl
> handshake.
> 2. Need to use https because you're behind a firewall that doesn't
> permit ssl.
>
> #1 is possible to overcome. In fact, we did add a pretty good web-page
> that explains how to do this a while back. You can view it here:
>
> http://wiki.eclipse.org/Committer_access_%28Buckminster%29
>
> #2 is a real problem. But AFAIK, none of the committers to this project
> is in this position. If I'm wrong and you are or expect to be in a near
> future, let me know.
>
> For now, I will retract my request for https access to the Buckminster SVN.
>
> Anonymous http access to our SVN is enabled as of today and it seems to
> work just fine.
>
> Regards,
> Thomas Hallgren
Previous Topic:[buckminster-dev] How buckminster compile a plugin which depends on other plugins?
Next Topic:[buckminster-dev] New to Buckminster
Goto Forum:
  


Current Time: Thu Apr 24 15:02:20 EDT 2014

Powered by FUDForum. Page generated in 0.02247 seconds