> There have actually been several people posting on the list with
> problems that would be solved by POST support. At the time, there was
> no solution and those people probably went elsewhere.
Well, Darcs does support pushing through POST (see DARCS_PUSH_HTTP and
friends). What it doesn't support is pushing through PUT with no
remote Darcs. I believe that the latter is what said people were
complaining about, but I may be wrong.
What the original poster wanted is the ability to push over POST with
no external utility. In other words, he wanted just the current
functionality but with no reliance on a Curl or Wget binary.
(Which, after thinking it over, would most likely be accepted with
gratefulness into Darcs -- although of course I cannot speak for Ian
and Tommy, who are AFAIK sole judges in the matter).
> You haven't actually explained what your objections are?
1. HTTP Basic is not secure by any reasonable standard. HTTP Digest
is vulnerable to man-in-the-middle attacks, and it is buggy in at
least some major clients (which shamelessly leak passwords). HTTP
Basic over anonymous SSL (which is what I believe most people mean
when they speak of ``secure'' servers) is vulnerable to
man-in-the-middle attacks. There are only three people in the
universe who know how to setup X.503 PKI, but unfortunately nobody
knows who they are.
Please don't tell me about security not being relevant in some
environments -- the people who say that are the very same ones whose
computers are sending me 120 spams every day.
2. Okay, fair enough, here's the true reason -- I hold a personal
grudge against the protocol. POST is not reliable (in the networking
sense of the word), due to the facts that servers can timeout an idle
connection at any time and there's no application-level connection end
handshake. (This can be worked around by careful timing on the
client, careful timing on the server, and a server-side hack called
lingering close -- but that's a little too much working around for my
taste.)
> That the big issue as I see it. A lot of people are wanting to use
> Darcs in a star topology, but it's too hard to set up unless you
> already have a shared SSH server. Give Darcs HTTP POST support and
> it'll become almost trivial.
As noted above, Darcs already has POST support, so that cannot be the
problem.
Juliusz
_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
