On 1/19/08, Robin H. Johnson <[EMAIL PROTECTED]> wrote: > My core concern with the SVN http://, was the crappy performance it > provided compared to svn://. The main rsync tree has never been > available for iterative syncing via http://, just had tarball snapshots > and deltas instead.
If I understand correctly, the performance of svn under apache is better than the svnserver, the same for git... Well... This is only for my experience. In git case, apache is used to transfer files, and it is much better in this than the most available alternatives. In svn case, apache provides the concurrency missing from svnserve. > > Also using none secured protocols, exposes users to man-in-the-middle > > attacks. > The existing http:// had this problem already, it's not a new one. > git:// and svn:// do both have patches around adding support for adding > TLS. This however just adds overhead, I really need to finish the > tree-signing work I was doing, as that protects the content better (MITM > is still possible on SSL without it, just a lot harder as an attacker > has to deal with the SSL stream first). Even if tree signing will be available, the developers should work in secured channel... ssh or https... The users will benefit from the signing and not require secured channel. Until signing will be available, I think it is very important for us to provide reliable source. Regards, Alon Bar-Lev. -- gentoo-dev@lists.gentoo.org mailing list
