I admit that I am not the sort of person who likes to go through long and winded installation instructions. However, I am willing to go to great lengths when it comes to security - still with certain limits though. And I hit such a brick wall today: trying to secure Subversion. From the documentation, I knew that the recommended path was SSH, so I set out to find out how to get this up and running on my Windows box.
Owning the black sock in Google fu, I came up with various articles, the most helpful being SVN+SSH+public key authentication on Windows Box as server. Most helpful because after reading the aforementioned recipe plus Subversion / TortoiseSVN SSH HowTo, I decided to scratch my efforts. Why?
For starters, I am not a big fan of Cygwin. That's just personal mischief of a Windows guy, I can swallow my pride when the tools that depend on it provide merit. What's more of a problem for me is installing a service for adding security to another service - especially if I need that new service just for the "security purpose", and not the other bells and whistles it can provide (plus the security issues that might be hidden in those unused parts). Call me paranoid, but I simply like to reduce "moving parts" in my setups, because: What's worse than malicious traffic? Right, encrypted malicious traffic.
Secondly, do you think - honestly - that developers love to jump through hoops to get access to the repository? (I am referring to the client side of things on Windows) Not really. From the top of my head, I fall short of naming a single developer I personally know that would love to follow those steps. But every single one of them would be more than willing to just replace svn:// for svns:// when accessing a repository.
Conclusion: yes, I am whining about the usability of an open source project. As I am participating on one myself, you very well can spare me the "usual" arguments of do-it-yourself-because-the-sourcecode-is-available-anyways. This is a rant. I want to be unreasonable. But it sure would be nice if security was in the box. Especially nowadays.