>>>>> "AKF" == Andreas K Foerster <l...@akfoerster.de> writes:
AKF> More importantly, the article suggests using Basic Authentification. AKF> That sends the password unencrypted over the line, just base64-encoded, AKF> but anybody can decode that. So, it's a very bad idea to use that for AKF> sensible data. While I agree that using ssh for push is better, note that the expected use case for commit over the new http protocol is to do it over tls. A number of sites use a single ssh login for all projects, limiting commit access by the ssh key. For them, supporting commit over ssh is an easier change. Pull-only support, though, will be a very helpul enhancement to SV. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 1024D/ED7DAEA6
