Instructions for setting up subversion repository using http/https incomplete and not secure

Bug #383605 reported by ranrub on 2009-06-04
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubuntu-docs (Ubuntu)
Undecided
Adam Sommer

Bug Description

Binary package hint: ubuntu-docs

In http://doc.ubuntu.com/ubuntu/serverguide/C/subversion.html#access-via-webdav, the configuration given creates a world-readable repository, which most users won't want.
Please change:
<LimitExcept GET PROPFIND OPTIONS REPORT>
  Require valid-user
  </LimitExcept>

To:
  Require valid-user

Also, http://doc.ubuntu.com/ubuntu/serverguide/C/subversion.html#access-via-webdav-with-ssl in incorrect. It should state that the <Location> directive given for http without SSL should be added to /etc/apache2/sites-available/default-ssl, and give a link to http://doc.ubuntu.com/ubuntu/serverguide/C/httpd.html#https-configuration for instructions on setting it up. The mention of Verisign is redundant.

Related branches

ranrub (ran-rubinstein) on 2009-06-04
visibility: private → public
Adam Sommer (asommer) wrote :

Thanks for reporting this bug, and helping make Ubuntu better. I have applied your suggestions to revision 341.

Thanks again,
Adam

Changed in ubuntu-docs (Ubuntu):
assignee: nobody → Adam Sommer (asommer)
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-docs - 9.10.7

---------------
ubuntu-docs (9.10.7) karmic; urgency=low

  * General:
    - Refresh pot files
  * Add-applications:
    - Amend add-applications in light of move from gnome-app-install to software-center
  * Serverguide (by Adam Sommer unless otherwise stated):
    - Updating etckeeper section for new version and fixing typo, Thierry Carrez (LP: #432377)
    - Updating the Postgresql section for version 8.4, ~BG (LP: #426971)
    - Fix typos in Chat section, Connor Imes (LP: #410654)
    - Removing note about command line utility differences, Connor Imes (LP: #394728)
    - Update for phpinfo() test script, Christian Wenz (LP: #418045)
    - Added note about manually compiling drbd module in virtual kernels, removed bad config
      line based on feed back from Ante Karamatić (LP: #397241)
    - Apache2 configuration update for more security, and clarification of using SSL
      and Apache2 with Subversion (LP: #383605)
    - Added a link to the Windows Networking section to find more info regarding Samba (LP: #415622)
    - Added priority to MX record example (LP: #425207)
    - Added more configuration options to Amavisd-new section to flag more messages as spam (LP: #363442)
    - Updated mailman Apache2 configuration for latest version of moinmoin (LP: #381802)

 -- Matthew East <email address hidden> Sat, 26 Sep 2009 14:07:07 +0100

Changed in ubuntu-docs (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers