[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: WebDAV

From: Colin Walters
Subject: Re: [Gnu-arch-users] Re: WebDAV
Date: Fri, 09 Apr 2004 15:06:42 -0400

On Fri, 2004-04-09 at 12:45, Eric S. Johansson wrote:

> so, lets figure out an "easy to make safe" arch repository. 

I didn't find it particularly difficult to secure my arch repository. 
That said, there is certainly some value in solutions which don't
require complete control over the host.  But you should remember that
sftp, being based on ssh, solves some real problems, and is an extremely
well-audited codebase.

For example, you should think carefully about how you're going to
protect against man-in-the-middle attacks and replay attacks.

I solved these problems in arch-pqm by using GPG.

> more complexity == less security.

That's so amazingly naïve I don't quite know how to respond.  I'll just
assume you were kidding.

Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]