On Tue, Dec 28, 2010 at 08:58:43AM -0800, Philip Prindeville wrote: > On 12/28/10 3:44 AM, Stefan Sperling wrote: > >The important bit about security is that admins understand how to configure > >the application they're setting up. They can then configure it securely. > >I suppose your real concern is that you or others would get distracted > >by those files. Which implies a lack of understanding about how the > >system is or has been configured. I'd say the real problem here is > >documenting your setup properly and making sure everyone involved knows > >what this documentation says. > > If I know that they're used only by svnserve and I'm never going to use > svnserve, maybe I don't want they lying around just to svnserve will never be > run (by a hacker for an exploit). > > That seems pretty straigthtforward.
But svnserve will run even if the svnserve.conf file doesn't exist. Stefan
