Re: [Zope-dev] [ZF] Zope Source Code Repository
Christian Theune wrote: See: http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvements However, this only *allows* clients to manage their password reasonably, it doesn't force them to. Well, you can't force someone to keep their private key private either... At the end of the day, if an svn account is compromised, we'll see a load of bogus commits. My understanding of svn is that those are moderately easy to remove. From my understanding, the interesting part is what the DVCSs do: let people sign their commits with e.g. their PGP key (strong auth) and allow them to share that data somewhere (different mechanism maybe not so strong auth). Well, the only auth bit seems to be where the offical changesets are.. Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
Tres Seaver wrote: - the web front end is ancient and not as good as other options (Trac, WebSVN) Fixing the web front-end should be a matter for the zope-web list. The zope-web list is pretty dead... So I thought I'd ask what the plans are now that the foundation owns all the Zope IP (has this happened yet or am I imagining things?) The foundation now owns the copyrights. Trademarks are still in other hands. This is why I was cc'ing in the foundation list, there is relevant stuff for the foundation group in this discussion... The other option would be to follow Python and move to Mercurial, but that has the same problems for me as with Bzr (no decent gui tools, less mature, etc) although it's a toolset I'll have to learn at some point anyway... +1 to sticking with svn+ssh for write requests. - -1 to non-pubkey-based authentication for write requests. ParseError: what does the above line mean? +1 to making svn-over-http read-only checkouts work. - -1 to switching away from svn, at least until the Python developers have some experience with the transition (I would wait at least 6 months). ParseError: what does the above line mean? Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
Jens Vagelpohl wrote: On Apr 2, 2009, at 22:53 , Tres Seaver wrote: +1 to making svn-over-http read-only checkouts work. This is now working. The repository can be reached under... http://svn.zope.org/repos/main/ Jens, you're my hero :-) Remind me that I owe you beer next time I see you... Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Withers wrote: Andreas Jung wrote: *This* part needs some fixing, largely because Jim's role their is an artifact of ZC's role, now lapsed, as custodians. At a minimum, there should be a group (I suggest the zope-web regulars) who can take over the maintenance of that application. A *different* group should have the role of collecting / approving the committer access requests. They'll end up being the same group pretty quickly, volunteers are thin on the ground :-/ Maybe, but the one group is doing policy (who should be a committer?), while the other is doing mechanism (get approved committers set up). The groups don't have to overlap, as long as the workflow is clear. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ1l1W+gerLs4ltQ4RAkpoAKCodutcQ4SqhReTJOCFbNkHo67W/gCggtDG /E4Mx4ojLHKH6etlKLxc9ko= =beMU -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03.04.2009 21:02 Uhr, Tres Seaver wrote: Chris Withers wrote: Andreas Jung wrote: *This* part needs some fixing, largely because Jim's role their is an artifact of ZC's role, now lapsed, as custodians. At a minimum, there should be a group (I suggest the zope-web regulars) who can take over the maintenance of that application. A *different* group should have the role of collecting / approving the committer access requests. They'll end up being the same group pretty quickly, volunteers are thin on the ground :-/ Maybe, but the one group is doing policy (who should be a committer?), while the other is doing mechanism (get approved committers set up). The groups don't have to overlap, as long as the workflow is clear. The Plone folks use a bugtracker for managing the committer access. A new contributor has to file a new ticket. A similar approach might be suited for managing new Zope committers. Speaking in workflow terms: a policy group could accept or reject the request. The mechanism group will deal with setting up the stuff for the committer and close-ing the case. Andreas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknWYSMACgkQCJIWIbr9KYxa4wCfdMbn7xVwowTRTVY9GlRAPMJ9 Mk4AmweFBudg2Z7XHA7JVfrMDVX2fLsk =eB1A -END PGP SIGNATURE- begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
On Thu, Apr 2, 2009 at 20:31, Chris Withers ch...@simplistix.co.uk wrote: For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I volunteer to help with any/all of the above. My offer to set up Trac as a buildout still stands too. Jens, have your concerns about dependencies been answered? -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
On Thu, Apr 2, 2009 at 20:39, Jim Fulton j...@zope.com wrote: On Apr 2, 2009, at 2:31 PM, Chris Withers wrote: For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I absolutely *hate* using https to access subversion. This involves storing a key in plane text in my home directory, which is terrible. I far prefer using ssh-based infrastructure for this sort of thing. This is no longer the case for subversion 1.6 and up, the password is now stored encrypted, and subversion now supports KWallet, GNOME Keyring, Mac OS Keychain, and Windows CryptoAPI for storage. See: http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvements -- Martijn Pieters ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02.04.2009 20:44 Uhr, Andreas Jung wrote: On 02.04.2009 20:39 Uhr, Jim Fulton wrote: On Apr 2, 2009, at 2:31 PM, Chris Withers wrote: For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I absolutely *hate* using https to access subversion. This involves storing a key in plane text in my home directory, which is terrible. I far prefer using ssh-based infrastructure for this sort of thing. Really? I have never stored a plain text password for SVN over https within my home dir. I also can not find anything related within .subversion/ in my home dir. Possibly because I am using SVN 1.6. Andreas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknVCFkACgkQCJIWIbr9KYzIFgCgnUMYfD6ed/Lrro1Kqa5lHyr7 47YAn1pkzCaXk4PrxjLmxAooav7JM0wl =N9xl -END PGP SIGNATURE- begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: On 02.04.2009 20:44 Uhr, Andreas Jung wrote: On 02.04.2009 20:39 Uhr, Jim Fulton wrote: On Apr 2, 2009, at 2:31 PM, Chris Withers wrote: For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I absolutely *hate* using https to access subversion. This involves storing a key in plane text in my home directory, which is terrible. I far prefer using ssh-based infrastructure for this sort of thing. Really? I have never stored a plain text password for SVN over https within my home dir. I also can not find anything related within .subversion/ in my home dir. Possibly because I am using SVN 1.6. Then never means since 2009-03-20. Or else you have never done a checkout from a password-protected SVN-over-HTTP(S) server. Tres, - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ1QqA+gerLs4ltQ4RAqp3AKCOse88Q5aHlgI3tZguCFveN+Uc7wCgqRB2 tbMxeMww1fYarBzC+1k01Eo= =cj6O -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
Tres Seaver wrote: Possibly because I am using SVN 1.6. Then never means since 2009-03-20. Or else you have never done a checkout from a password-protected SVN-over-HTTP(S) server. It's been encrypted on Windows for longer than that... (svn 1.4...) Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02.04.2009 21:58 Uhr, Chris Withers wrote: Dieter Maurer wrote: I have been told that there are mirrors of the Zope SVN repository providing read access via http. Shame none of them is advertised anywhere... http://svn.zope.de - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknVGgYACgkQCJIWIbr9KYye6ACfXPCLs+nZPOKbupSZ3aJ0nWtT Pz0Ani9kEtzGwaxyoixsGFkdWOWbkhnB =fvsT -END PGP SIGNATURE- begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
Martijn Pieters schrieb: On Thu, Apr 2, 2009 at 20:31, Chris Withers ch...@simplistix.co.uk wrote: For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I volunteer to help with any/all of the above. My offer to set up Trac as a buildout still stands too. Jens, have your concerns about dependencies been answered? I also offer my help to install and maintain a trac and, if needed, the svn installation. ..Carsten ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 First, this cross-post was inappropriate: it is a matter for general discussion among Zope committers, which is not a matter for the Foundation to act on unless / until some consensus for changing the status quo emerges. This will be my last post to the 'foundat...@zope.org' list on this thres. Chris Withers wrote: I got bitten by the current zope subversion setup at PyCon so thought I'd mail the appropriate groups about it. If this has been covered elsewhere and I've missed anything, please just point me in the right direction... So, svn.zope.org causes me pain at the moment: - it uses the bizarre svn or svn+ssh protocols, which I find annoying (ports blocked on routers, can't check with a browser, etc) /me shrugs. SSH is an essential part of my day-to-day work: not being able to use it means I'm effectively offline. - the web front end is ancient and not as good as other options (Trac, WebSVN) Fixing the web front-end should be a matter for the zope-web list. - the process for adding keys is baroque and managed by one person who is too busy to help with it (Jim) *This* part needs some fixing, largely because Jim's role their is an artifact of ZC's role, now lapsed, as custodians. At a minimum, there should be a group (I suggest the zope-web regulars) who can take over the maintenance of that application. A *different* group should have the role of collecting / approving the committer access requests. So I thought I'd ask what the plans are now that the foundation owns all the Zope IP (has this happened yet or am I imagining things?) The foundation now owns the copyrights. Trademarks are still in other hands. Are we sticking with svn? Are we sticking with the current hosting? Are we sticking with the current key-based login and upload mechanism? For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I volunteer to help with any/all of the above. The other option would be to follow Python and move to Mercurial, but that has the same problems for me as with Bzr (no decent gui tools, less mature, etc) although it's a toolset I'll have to learn at some point anyway... +1 to sticking with svn+ssh for write requests. - -1 to non-pubkey-based authentication for write requests. +1 to making svn-over-http read-only checkouts work. - -1 to switching away from svn, at least until the Python developers have some experience with the transition (I would wait at least 6 months). Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ1SXm+gerLs4ltQ4RAt74AJ93TlHe0VZ4vbAI706kDQzT8IvrkACfdzNP HrZb19KJDG+En2Zx+nRjz5c= =kLgg -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Apr 2, 2009, at 22:53 , Tres Seaver wrote: +1 to making svn-over-http read-only checkouts work. This is now working. The repository can be reached under... http://svn.zope.org/repos/main/ jens -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAknVNjQACgkQRAx5nvEhZLLKzACfROrQxGjCo1x90az9/HCMGBk9 JjcAoLAbxTarJVv1+f3jikTGBK1MBlpm =jZ+o -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
On Thu, 2009-04-02 at 20:43 +0200, Martijn Pieters wrote: On Thu, Apr 2, 2009 at 20:39, Jim Fulton j...@zope.com wrote: On Apr 2, 2009, at 2:31 PM, Chris Withers wrote: For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface. I absolutely *hate* using https to access subversion. This involves storing a key in plane text in my home directory, which is terrible. I far prefer using ssh-based infrastructure for this sort of thing. This is no longer the case for subversion 1.6 and up, the password is now stored encrypted, and subversion now supports KWallet, GNOME Keyring, Mac OS Keychain, and Windows CryptoAPI for storage. See: http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvements However, this only *allows* clients to manage their password reasonably, it doesn't force them to. SSH usually complains about bad permission settings on files etc and I guess is usually handled better. (Note: you can't force a passphrase onto the client either.) From my understanding, the interesting part is what the DVCSs do: let people sign their commits with e.g. their PGP key (strong auth) and allow them to share that data somewhere (different mechanism maybe not so strong auth). Christian -- Christian Theune · c...@gocept.com gocept gmbh co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development signature.asc Description: This is a digitally signed message part ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [ZF] Zope Source Code Repository
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02.04.2009 22:53 Uhr, Tres Seaver wrote: *This* part needs some fixing, largely because Jim's role their is an artifact of ZC's role, now lapsed, as custodians. At a minimum, there should be a group (I suggest the zope-web regulars) who can take over the maintenance of that application. A *different* group should have the role of collecting / approving the committer access requests. I agree that this part definitely needs to be fixed. I updated the developer documentation in order to point to the foundations's about page as primary contact (suggested by Jens): http://docs.zope.org/developer/becoming-a-contributor.html (possibly not reflecting my changes made to the reST documents in SVN right now). Andreas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknVjFwACgkQCJIWIbr9KYwQRQCfRRVjxVylBA67tX+lhK3UG/ra ZHsAoKeaQGkNV/JUUKvfB00UFPpJ/D/6 =catZ -END PGP SIGNATURE- begin:vcard fn:Andreas Jung n:Jung;Andreas org:ZOPYX Ltd. Co. KG adr;quoted-printable:;;Charlottenstr. 37/1;T=C3=BCbingen;;72070;Germany email;internet:i...@zopyx.com title:CEO tel;work:+49-7071-793376 tel;fax:+49-7071-7936840 tel;home:+49-7071-793257 x-mozilla-html:FALSE url:www.zopyx.com version:2.1 end:vcard ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )