Hi Petr,

Thanks for your reply.

I wrote:
>> ...although SSH is still widely used and
>> widely supported, it is officially viewed as
>> deprecated by the IETF.

Petr Rockai wrote:
> Can you please give a reference to the place where SSH is claimed
> to be deprecated? I cannot find it. You may mean the SSH1 protocol,
> but that's largely unused for a long time.

No, the whole approach of SSH. Well, I guess "officially" is a bit too strong - they never came out with a press release about this, or anything like that, afaik.

But what happened was: there was a working group for SSH applications, and they came out with some drafts. But then the whole effort was cancelled, and no standards ever came out of it. You can see that in the archives on the IETF site. It is well-known, anecdotally, that the reason this happened is that they decided that SSH is the wrong approach.

>> Like other VCSs,
>> we should start migrating towards WebDAV
>> over an encrypted channel.

> WebDAV is horribly
> broken, at least in most current implementations.

Really? I never had any problems with it. On the client side, all modern OSs support it seamlessly. On the server side, just enable mod_dav and specify a directory.

It's in widespread use. Apple quietly uses it in the background for all kinds of things, like calendar sharing. All the popular enterprise CMSs all use it. Etc. So it has to be well supported.

Note that WebDAV has some built-in support for VCS, but it is hard-wired with CVS-think. It would be a good idea for us to get involved before they go even further down that road.

> It is very
> inconvenient to set up authentication for it.

More than inconvenient - it is impossible, by design. Authentication and transport encryption are provided by separate layers, not WebDAV. That said, those layers are also not hard to set up, so I am not sure what is bothering you.

If you still don't feel like setting it up, WebDAV hosting is widely available, at very low cost - a few dollars per month.
Many of the super-cheap PHP hosting sites have WebDAV that you can enable with one click.

> And SSH is widely
> available, on all platforms you can think of.

But only after you set it up. I have found that to be the major obstacle to using darcs with my teams. Nowadays, most people have never even heard of SSH, even experienced software developers. So I spend hours on phone calls and emails trying to explain the concepts to them and help them troubleshoot.

Whereas, with WebDAV, I would just give them a login and a URL, and we're up and running. True, that is not as secure as SSH - for that you'd need to start messing with certs and stuff. But a password over an encrypted channel is good enough for most situations.

> As for botnet hammering, I don't really think it is that urgent, still
> a lot less traffic than mail.

He he. Yes. Small consolation, isn't it? What a world!

Anyway, how many MIS departments do you know who allow port 22 open these days? And I can understand them. Have you ever browsed the logs of a server with port 22 open? It's frightening. This is not just spam traffic; they're shooting at you with live ammunition. They are trying to rootkit you. And you'd be surprised how often they come too close for comfort.

> As for
> setting ports, there's always ~/.ssh/config (at least with OpenSSH on
> Unix), where you can specify default port for each host separately.

That is helpful on Unix, yes.

>> 1. VERY URGENT - Fix SSH port support on
>> Windows. Either in darcs itself, or by providing
>> wrappers for the PuTTY commands.
>> 2. Urgent - Add an --ssh-port option to darcs
>> commands that use SSH, or parse the port
>> number in URLs, or both.
>> 3. Important - Add WebDAV support to darcs.

> I think there are *much* more important issues for darcs than those,

(1) means that darcs is useless in most professional environments. Is darcs only for hobbyists? Then this is low priority.
> And all of these are fairly easily
> implemented, so you could probably provide patches for first two, it
> should be a fairly easy task (and you are apparently motivated, since
> you consider it a very urgent feature).

Touché. I am giving my users some kind of workaround, I'll see if it can be something useful to others too. I hope I'll have time to submit some patches...

> The last one depends on
> availability of WebDAV implementations, which may be a problem. Also,
> it is usually a royal PITA to set up on the server side properly,

Not true, as above. But if no one wants to set it up, I am sure we can get together a few people to put in a few dollars for hosting.

> it is probably only useful for people who either have WebDAV server
> already (I assume a smallish minority of darcs users)

I'll bet you yourself are using it without realizing it. WebDAV is widespread, and less and less people are using SSH. For end users, WebDAV is trivial and SSH is complex.

> SSH is, at least for subversion, considerably
> faster than WebDAV, which is pretty inefficient.

The WebDAV site claims that WebDAV is faster. But I don't know the basis of either their claim or yours, nor the cause.

Regards,
Yitz

_______________________________________________
darcs-users mailing list
[email protected]
http://lists.osuosl.org/mailman/listinfo/darcs-users
