On Fri, Nov 25, 2016 at 5:11 AM, Olaf van der Spek <m...@vdspek.org> wrote: > Hi, > > Currently I'm running svnserve on a Debian VM on my PC. I'd like to > move it to a server on the internet but I don't get how to do this > securely. > Svnserve doesn't support encryption, right, so I can't expose it on a > public port directly.
svn+ssh works quite well, and gets *away* from the horrible, horrible tendency of clients to save a passphrase in clear text by default. That single behavior is one of the big reasons not to use most Subversion sites by default. svn+ssh has a similar, but not quite as egregious, problem that the SSH client tools can also store SSH keys without a passphrase, by default. But an SSH private key is less likely to be the same password used by a careless employee or developer for their logins, email, banking, and online game logins. > I'm aware of Subversion via Apache but I don't run Apache and I don't > want to give the entire web server access to repos anyway. > I also don't want to give each SVN user a shell account.. > What's the proper way to do this? > > Wouldn't it be good if svnserve supported encryption directly? > > -- > Olaf See above. And yes, it might be useful, but integrating encryption into high performance can seriously destabilize it.
