Hi Jeff, for read access control, we have disabled the git-daemon and added another gitorious user (anongit), which uses a modified version of the gitorious script and strainer.rb. Such, anyone can access a repository using [email protected]:repos... and strainer will check if this person is allowed to read the content of the repository.
Thomas Am 04.02.2010 um 03:37 schrieb Jeff Mitchell: > On 02/03/2010 03:19 AM, Marius Mårnes Mathiesen wrote: >> But you guys have your own git-daemon that is run. Such access control >> could be coded into this, correct? >> >> >> Actually, to my knowledge, the git protocol itself lacks authentication >> support; it is designed for fast read access to repositories. > > I'm not talking about the git protocol; I'm talking about the git-daemon > process itself. Since you have a custom git-daemon, it's conceivable > that part of that customization could be involve access control > controlling whether the daemon actually responds to a particular client. > >> Newer versions of git actually have much improved HTTP support; it is >> faster and supports writing (ie push). So HTTP is a real alternative to >> SSH these days, as long as the users have recent Git clients. > > HTTP has supported push for a long time, at least a year. But it doesn't > (or maybe didn't) work very well. Client setup could be a pain, and > worse, the bare repos on the server often wouldn't update properly, > forcing manual intervention to do things like have them garbage collect > (I once saw such a bare repo being updated over HTTP balloon from 30MB > to 2GB). > > When I brought these issues up in #git I was told that HTTP was > basically a second class citizen and that nobody really was caring much > about it. > > I'd advice much testing, and caution... > > --Jeff > -- To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected]
