Hi all,
I'm trying to figure out the best way to have a main repository where
several can contribute. SSH seems to be the only alternative for this.
I'm thinking of having a single user (called 'darcs') and asking all
developers to send me their ssh key. But I'm concerned about the
security issues:
1) The first issue is, of course, giving people SSH access to my server.
I can reduce the problem by using the 'darcs-wrapper.pl' from here:
http://darcs.net/DarcsWiki/RepoViaSSH
But I'm not completely comfortable. I wonder if it's possible to use
(say) FTP instead without opening other security holes.
2) If everyone shares the same account, I don't see how we can verify
who did what. There's always a (small) chance of malicious developers.
Of course, you always try to only give access to people you trust. But
in the real world, some times you give access to the wrong person. It
can happen. And a malicious person could just create a darcs repo using
someone else's name, make malicious changes and then push.
Is there a way to add non-repudiability to Darcs?
Thank you for your help.
Cheers,
Daniel.
--
/\/`) http://oooauthors.org
/\/_/ http://opendocumentfellowship.org
/\/_/
\/_/ I am not over-weight, I am under-tall.
/
_______________________________________________
darcs-users mailing list
[email protected]
http://www.abridgegame.org/mailman/listinfo/darcs-users
