My problem with svn for a security related project is, that this SCM doesn't use hashes. You can't be sure if the code has been manipulated.
Especially since the NSA-scandal you shouldn't trust in US-based companies for security. Or in general that companies can't be secretly compromised.
I think svn is perfectly fine for programs like blender but in this project secret services are definitely interested in.
sha512 checksums for the tarball doesn't help much because the code can be tweaked in a manner nobody notices if he doesn't check the code thoroughly.
Log in to post a comment.