On Fri, Nov 25, 2016 at 11:20 AM, Branko Čibej <br...@apache.org> wrote:
> On 25.11.2016 11:11, Olaf van der Spek wrote:
>> Hi,
>>
>> Currently I'm running svnserve on a Debian VM on my PC. I'd like to
>> move it to a server on the internet but I don't get how to do this
>> securely.
>> Svnserve doesn't support encryption, right, so I can't expose it on a
>> public port directly.
>> I'm aware of Subversion via Apache but I don't run Apache and I don't
>> want to give the entire web server access to repos anyway.
>> I also don't want to give each SVN user a shell account..
>> What's the proper way to do this?
>
> Use stunnel in front of svnserve:
>
> https://www.stunnel.org/
>
>
> HOWEVER:
>
> You'll also have to put stunnel on every _client_ machine because the
> Subversion client does not support encrypted svn:// protocol natively.
> Depending on the kinds of clients you support, that could be either very
> easy or extremely complex.

I'm using TortoiseSVN on Windows and the command-line client on Linux.

>
>> Wouldn't it be good if svnserve supported encryption directly?
>
> It would be a moderately nice-to-have feature, but given that stunnel
> exists, it's not necessary. In fact, it's better not to reinvent
> security features that are available in existing, mature software.

Using TLS isn't exactly reinventing security features, is it?
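
The stunnel arrangement discussed in this thread, sketched as an added example that is not part of the original messages or of the Subversion project: one stunnel service on the server in front of a loopback-only svnserve, and one on each client that verifies the server certificate. The host name svn.example.org, the public port 3691, the repository root and all file paths are assumptions.

```ini
; ===== Server side: stunnel.conf (file locations are assumptions) =====
; svnserve is started bound to loopback only, for example:
;   svnserve -d --listen-host 127.0.0.1 -r /srv/svn
; so the plaintext svn:// port 3690 is never reachable from the internet
; and only the TLS port below needs to be opened in the firewall.
[svn-tls]
; public TLS listener; 3691 is an arbitrary choice for this example
accept = 0.0.0.0:3691
; decrypted traffic is handed to the local svnserve
connect = 127.0.0.1:3690
; server certificate and private key (placeholder paths)
cert = /etc/stunnel/svn.example.org.pem
key = /etc/stunnel/svn.example.org.key

; ===== Client side: stunnel.conf on every machine running svn =====
; The Subversion client keeps speaking plain svn:// to the local
; listener, i.e. the working copy URL becomes svn://localhost/<repo>.
[svn-tls]
client = yes
; local plaintext end, loopback only
accept = 127.0.0.1:3690
; remote TLS end (the server section above)
connect = svn.example.org:3691
; Without the three options below a stunnel client encrypts the link
; but accepts any certificate, which leaves it open to interception.
; CA that issued the server certificate (placeholder path)
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = svn.example.org
```

svnserve's own user authentication still applies inside the tunnel; stunnel only adds transport encryption and server authentication.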