svn checkout "head" or "stable"

Matthew Seaman matthew at
Fri Sep 28 20:39:35 UTC 2012

On 28/09/2012 20:41, Ed Flecko wrote:
> David - I'd like to, but every time I try that it prompts me for a
> password...and I don't know what password it wants???

That would be the password to a account, which isn't going
to work for most people on two counts:

   * uses SSH keys for authentication, not passwords.

   * even if you've got a SSH key, not being a FreeBSD committer you
     probably don't have a account.

For anonymous access, you can use http or svn.  Given that anonymous
access is read-only, there's really not much to be gained from SSH or
other means of encrypting the connection, either for you, or for the
FreeBSD servers.  It's anonymous, so you don't care about
authentication.  FreeBSD sources are publicly available, so you don't
care about anyone eavesdropping on the traffic.  About the only thing
you're still exposed to is a man-in-the-middle attack, where someone
could pose as a FreeBSD server and feed you a trojanned set of sources
-- but then, you'ld still be exposed in exactly the same way even using
svn+ssh.  In practice, attacks of this type are very (pretty much
vanishingly) rare.  If they do concern you, then use portsnap(8) /
freebsd-update(8) which has specific cryptographic protection against
such things.  The portsnap and freebsd-update build systems also have
special access to the master FreeBSD repositories to minimize the
chances that they themselves could be fed trojanned sources.



Dr Matthew J Seaman MA, D.Phil.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 264 bytes
Desc: OpenPGP digital signature
Url :

More information about the freebsd-questions mailing list