On Mon, Dec 21, 2015 at 2:21 PM, David Brodbeck <bro...@uw.edu> wrote: > > > On Sat, Dec 19, 2015 at 2:43 AM, Daniel Shahaf <d...@daniel.shahaf.name> > wrote: >> >> Or perhaps stunnel, which has its pros and cons (e.g., an SSL >> vulnerability won't compromise the svn process). > > > I thought about suggesting that, too, but I'm not sure it's workable. While > it'd be easy to set up on the server side, it would be very clumsy on the > client side, since the client isn't going to understand svn-over-TLS without > its own stunnel instance.
Sure it can. This is similar to how svn+ssh works. For stunnel, you'd set up a port tunnel from a port on your localhost.
