Ubuntu
ubuntu-docs package

Instructions for setting up subversion repository using http/https incomplete and not secure

Bug #383605 reported by ranrub
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-docs (Ubuntu)
Fix Released
Undecided
Adam Sommer

Bug Description

Binary package hint: ubuntu-docs

In http://doc.ubuntu.com/ubuntu/serverguide/C/subversion.html#access-via-webdav, the configuration given creates a world-readable repository, which most users won't want.
Please change:
<LimitExcept GET PROPFIND OPTIONS REPORT>
  Require valid-user
  </LimitExcept>

To:
  Require valid-user

Also, http://doc.ubuntu.com/ubuntu/serverguide/C/subversion.html#access-via-webdav-with-ssl in incorrect. It should state that the <Location> directive given for http without SSL should be added to /etc/apache2/sites-available/default-ssl, and give a link to http://doc.ubuntu.com/ubuntu/serverguide/C/httpd.html#https-configuration for instructions on setting it up. The mention of Verisign is redundant.

Related branches

lp:ubuntu/karmic/ubuntu-docs
ranrub (ran-rubinstein)
visibility: private → public
Revision history for this message
Adam Sommer (asommer) wrote :

Thanks for reporting this bug, and helping make Ubuntu better. I have applied your suggestions to revision 341.

Thanks again,
Adam

Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
status: New → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-docs - 9.10.7

---------------
ubuntu-docs (9.10.7) karmic; urgency=low

  * General:
    - Refresh pot files
  * Add-applications:
    - Amend add-applications in light of move from gnome-app-install to software-center
  * Serverguide (by Adam Sommer unless otherwise stated):
    - Updating etckeeper section for new version and fixing typo, Thierry Carrez (LP: #432377)
    - Updating the Postgresql section for version 8.4, ~BG (LP: #426971)
    - Fix typos in Chat section, Connor Imes (LP: #410654)
    - Removing note about command line utility differences, Connor Imes (LP: #394728)
    - Update for phpinfo() test script, Christian Wenz (LP: #418045)
    - Added note about manually compiling drbd module in virtual kernels, removed bad config
      line based on feed back from Ante Karamatić (LP: #397241)
    - Apache2 configuration update for more security, and clarification of using SSL
      and Apache2 with Subversion (LP: #383605)
    - Added a link to the Windows Networking section to find more info regarding Samba (LP: #415622)
    - Added priority to MX record example (LP: #425207)
    - Added more configuration options to Amavisd-new section to flag more messages as spam (LP: #363442)
    - Updated mailman Apache2 configuration for latest version of moinmoin (LP: #381802)

 -- Matthew East <email address hidden> Sat, 26 Sep 2009 14:07:07 +0100

Changed in ubuntu-docs (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.