[FFmpeg-devel] [RFC] libswscale into the FFmpeg SVN repo
Måns Rullgård
mans
Sat Apr 4 23:00:09 CEST 2009
Diego Biurrun <diego at biurrun.de> writes:
> On Sat, Apr 04, 2009 at 10:25:22PM +0200, Michael Niedermayer wrote:
>> On Sat, Apr 04, 2009 at 09:04:57PM +0200, Diego Biurrun wrote:
>> > On Sat, Apr 04, 2009 at 06:18:14PM +0200, Michael Niedermayer wrote:
>> > > On Sat, Apr 04, 2009 at 05:41:13PM +0200, Christian Iversen wrote:
>> > > > Michael Niedermayer wrote:
>> > > >> i think the way CVS did versioning was more flexible and
>> > > >> powerfull, and no iam not saying the cvs implementation was
>> > > >> good, with its non atomic changes, lack of move©
>> > > >> tracking per directory commit mails ... Fixing the CVS
>> > > >> implementation and storing the file path in the RCS files
>> > > >> instead of storing the RCS files in the path would have made
>> > > >> cvs more powerfull than svn is today. (that is instead of a
>> > > >> tree with the rcs files as leafs, there could be a flat list
>> > > >> of rcs files where each stores where in the tree it is under
>> > > >> which name for each revission or if that revission existed
>> > > >> rather outside of the tree in a difeferent repo) And with a
>> > > >> RCS file upload/download (aka push/pull) cvs could have been
>> > > >> used offline and distributed ... i never understood why
>> > > >> people droped cvs and started to work on svn that is in
>> > > >> several ways inferrior (less secure, no moving between
>> > > >> repos, database shit, ...)
>> > > >
>> > > > I'm interested, how is it less secure?
>> > >
>> > > IIRC it is vulnerable to simple off line password bruteforcing if one
>> > > can listen to any svn traffic, and it is vulnerable to man in the
>> > > middle attacks.
>> >
>> > How so?
>>
>> no authetication of trafic just cram-md5 password check IIRC
>> did i miss something?
>
> How would this enable MITM attacks?
The server will not notice if an attacker intercepts the connection
and alters some data after the authentication has succeeded.
--
M?ns Rullg?rd
mans at mansr.com
More information about the ffmpeg-devel
mailing list