On 2/4/06, Benedikt Schmidt <[EMAIL PROTECTED]> wrote: > "Daan Leijen" <[EMAIL PROTECTED]> writes: > > Hmm, you seem to imply that I would need special webserver support?
There is no way to apply darcs patch bundle without a copy of darcs. All existing push and send methods require this. > >> Alternatively, you could require that the patch is signed with a > >> recognised GPG key (since both signing and verification are built into > >> Darcs), though that would mean that authentication is delayed until > >> the patch bundle has already been uploaded. I'd like to make it clear that gpg in context of darcs is purely an patch-bundle authentication method, nothing of it is preserved in a repository. > > Ah, and that could be done completely by the CGI script (right?) -- no > > extra server support necessary at all. Last I checked, if you have gnupg, it can verify darcs bundles without problems, even without darcs. > > This all sounds great (and a reasonable amount of work!). It would be > > very secure since it just runs as HTTP, and the CGI is simply limited > > to a few darcs operations -- it can run on anyone's website that can > > run CGI scripts -- no server dependencies. Having this would surely help > > darcs to get more widespread. Wow, why has no one done this already? :-) Applying darcs patch requires darcs. Verifying gpg-signature requires gnupg. Writing scripts to handle other stuff is not the hard part. It has been done several times on diffrent sites (some of them you can find on mailing list archives.) <rant> I think the main reason there is no "official" or anything advertised on darcs.net is cultural thing in darcs community: Most (advanced) users and developers are unixy-types with their own servers and can conviently hack in whatever they feel like. And creating users with ssh access and special shell is mere one-night-or-weekend project for them. Also, they probably are at home with mails that have patches as attachmenets and script their emal clients to handle these patches semi-automatically. There has also been strong movement against using http as medium to push, given a lot of loose ends on security and that it is redundant given ssh and emails. </rant> > It has already been started, but i'm not sure how usable the client and > server described in > http://thread.gmane.org/gmane.comp.version-control.darcs.user/8926 > are. There was no interest or comments on that work, nor any users I know besides myself, so I don't know how others feel. I use it on my own site and at work. It is mightily more convient now that darcs push has sign-options (in next darcs release). It is inconvient because it requires darcs and gpg on server. Compiling server and client is inconvient because it requires ghc. It depends http server for protection from DOS. Besides those issues it is imo very handy (I find it faster to post patch over ssh-tunneled http than straight ssh - given that ssh-tunneled http was open anyway.) There was also a darcs patch, that I think didn't go in, that implemented http post using libcurl/curl, but with a bit diffrent spec. (iirc just pushed plain darcs-bundle in request body.) What it boils down, very often, is that you require GHC or Darcs on platform where your web-server runs, more conviently usually on exact same host, so you can skip issues with static linking etc. Best regards, -Esa _______________________________________________ darcs-users mailing list [email protected] http://www.abridgegame.org/mailman/listinfo/darcs-users
