A.7 Subversion Mirror Sites

All mirrors carry all repositories.

The master FreeBSD Subversion server, svn.FreeBSD.org, is publicly accessible, read-only. That may change in the future, so users are encouraged to use one of the official mirrors. To view the FreeBSD Subversion repositories through a browser, use http://svnweb.FreeBSD.org/.

Note: The FreeBSD svn mirror network is still in its early days, and will likely change. Do not count on this list of mirrors being static. In particular, the SSL certificates of the servers will likely change at some point.

Name Protocols Location SSL fingerprint
svn0.us-west.FreeBSD.org svn, http, https USA, California SHA1 79:35:8F:CA:6D:34:D9:30:44:D1:00:AF:33:4D:E6:11:44:4D:15:EC
svn0.us-east.FreeBSD.org svn, http, https USA, New Jersey SHA1 06:D1:23:DE:5E:7A:F7:2B:7A:7E:74:95:5F:54:8D:5C:B0:D6:2E:8F

HTTPS is the preferred protocol, providing protection against another computer pretending to be the FreeBSD mirror (commonly known as a “man in the middle” attack) or otherwise trying to send bad content to the end user.

On the first connection to an HTTPS mirror, the user will be asked to verify the server fingerprint:

Error validating server certificate for 'https://svn0.us-west.freebsd.org:443':
 - The certificate is not issued by a trusted authority. Use the
   fingerprint to validate the certificate manually!
Certificate information:
 - Hostname: svnmir.ysv.FreeBSD.org
 - Valid: from Fri, 24 Aug 2012 22:04:04 GMT until Sat, 24 Aug 2013 22:04:04 GMT
 - Issuer: clusteradm, FreeBSD.org, CA, US
 - Fingerprint: 79:35:8f:ca:6d:34:d9:30:44:d1:00:af:33:4d:e6:11:44:4d:15:ec
(R)eject, accept (t)emporarily or accept (p)ermanently?

Compare the fingerprint shown to those listed in the table above. If the fingerprint matches, the server security certificate can be accepted temporarily or permanently. A temporary certificate will expire after a single session with the server, and the verification step will be repeated on the next connection. Accepting the certificate permanently will store the authentication credentials in ~/.subversion/auth/ and the user will not be asked to verify the fingerprint again until the certificate expires.

If HTTPS cannot be used due to firewall or other problems, SVN is the next choice, with slightly faster transfers. When neither can be used, use HTTP.