On 2012-10-04 at 12:25 -0500, Aaron McCaleb wrote:
> Also, perhaps another way to phrase the question would be, "What are
> some clever hacks that you or others have employed with various VC
> solutions, particularly beyond the obvious versioning of frequently
> modified files such as configs, scripts, source code and
> documentation?"

There's a way with svn/Apache/mod_dav_svn to turn on auto-versioning,
and then export the repo as a WebDAV volume, providing history and
rollback to desktop clients that don't understand revision control.  I
played with it a little, but haven't had to support that sort of
use-case in a while, so it's sitting stale.  I did test it with Windows
clients; I think I remember it working.

Side-note: if you need to support binary blobs in your VCS, then
consider svn instead of git.  If you're a git shop, pay attention to
"git clone --depth <n>" for areas which only need a checkout for a
read-only copy of the content, which can make the binary blobs a little
more tenable, and avoid deploying the complete history of your website
to the web servers themselves.

If working with a large enough team, someone _will_ check passwords into
the repo.  Figure out a strategy ahead of time.  With git, that may be a
reset --hard, nuking of objects manually and an override for every
checkout, to nuke the object locally and accept the non-fast-forward
update.  With svn, you can use svnadmin to filter the objects on the
server and recovery is much more simple.  There's a downside to
cryptographically chaining together revisions, when you _need_ to remove
a revision.  Alternatively, your site could be a paragon of sysadmin
virtue and you might be able to quickly change _any_ password without
downtime or consequence, so you can live with old passwords being
visible.

If you're just using a repo without hooks, go read the docs on what you
can do with hooks, server-side, to take action on commits.  GitHub
provide a great example of the power of this, with WebHooks which can
post data in their native format, plus a library of integrations where
they massage the data before posting, to make it easy to get SMS / phone
notifications / IRC/Hipchat/... postings, etc.  Seeing a commit mention
in IRC/whatever is sometimes very useful for catching changes you
weren't aware of but should have been.

I really like having tied Subversion into GSSAPI (Kerberos), so that I
don't have to store persistent credentials on disk.  I don't know if I
wrote it up, but it wasn't that hard.  The key is to only use https:
URLs because the client doesn't implement wrapping, so you need GSSAPI
to only provide authentication/authorisation, not protection layers.


Beware of systems that try to be too clever, though.  For instance,
there's a contrib wrapper for svn which tries to let you manage file
permissions, so that you can have files mode 0600.  It doesn't change
the permissions of .svn so in fact there's no protection whatsoever (and
my bug report was ignored).

-Phil
_______________________________________________
Discuss mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
 http://lopsa.org/
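
Added example (not part of the message above, and not code from Subversion or the contrib wrapper it mentions): a conservative audit for the .svn permissions problem described in the last paragraph. It lists working-copy files that carry no group/other permission bits while the .svn directory covering them, which holds pristine copies, can still be entered and read by group/other. The function names and the sample tree are constructed for illustration; the check does not map individual pristine files back to working files.

```python
import os
import stat
import tempfile

GO_READ, GO_ENTER, GO_ANY = 0o044, 0o011, 0o077  # group/other permission bits

def mode(path):
    return stat.S_IMODE(os.lstat(path).st_mode)

def admin_dir_leaks(admin):
    """True if group/other can reach and read at least one file under this .svn."""
    for dirpath, dirnames, filenames in os.walk(admin):
        if not mode(dirpath) & GO_ENTER:
            dirnames[:] = []  # others cannot enter here; skip the whole subtree
        elif any(mode(os.path.join(dirpath, f)) & GO_READ for f in filenames):
            return True
    return False

def exposed_private_files(root):
    """Files with no group/other bits whose covering .svn is readable by others."""
    root, leaky, findings = os.path.abspath(root), {}, []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".svn" in dirnames:  # own admin dir (every dir in svn <= 1.6, WC root in 1.7+)
            dirnames.remove(".svn")
            leaky[dirpath] = admin_dir_leaks(os.path.join(dirpath, ".svn"))
        else:                   # otherwise covered by the parent's admin dir, if any
            leaky[dirpath] = leaky.get(os.path.dirname(dirpath), False)
        if leaky[dirpath]:
            findings += [os.path.relpath(os.path.join(dirpath, f), root) for f in filenames
                         if (mode(os.path.join(dirpath, f)) & GO_ANY) == 0]
    return sorted(findings)

def build_demo(root, admin_mode):
    """Constructed sample tree: secret.conf at 0600 plus a 1.7-style pristine copy."""
    files = {"secret.conf": 0o600, "README": 0o644,
             ".svn/pristine/ab/ab00.svn-base": 0o444}
    os.makedirs(os.path.join(root, ".svn/pristine/ab"))
    for rel, m in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("password=EXAMPLE\n")
        os.chmod(os.path.join(root, rel), m)
    for dirpath, _, _ in os.walk(os.path.join(root, ".svn"), topdown=False):
        os.chmod(dirpath, admin_mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo(tmp, 0o755)             # .svn left world-readable
        print(exposed_private_files(tmp))  # secret.conf is reported
```

Run it against a real checkout by calling exposed_private_files() on the working-copy root; an empty list means no mode-restricted file is undercut by its .svn directory.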
