You need to have a key in the server so the client can make sure it's
connecting to the right server. Otherwise, someone could set up a
bogus server so when you sync to it, all of your private code is sent
to the malicious server.

I would recommend creating a separate key for your server, because
your server key will be sitting around decrypted within the server
process, and so if there's some bug that allows someone to read that
process's memory, your key that is used to sign revisions would be
compromised. If you use a separate key, you can choose to only trust
that key for talking with the server, and trust your own key for
signing certs, so in the case of a compromise, not all is lost.

As far as one database per project, you can either do that on the
server, in which case as you say you would have to run separate
server instances on separate ports, or you can have the server just
have one big database with all of the projects, and then have
individual databases for the individual projects that sync with the
server periodically or whenever people feel like it. If the reason
for having per-project databases is that you want people to be able
to access their own database, then this is a better idea, as it means
you don't need to stop the server to work on the individual database.

By the way, it looks like you've named your collection marocode. It
would probably be better to follow the reverse domain name naming
convention, so it would be cz.matfyz.zw.marocode or cz.cuni.marocode
or whatever domain it is you want to use. We discussed possibly
moving to a URL-like convention, like zw.matfuz.cz/marocode, but that
hasn't happened yet because the slash conflicts with the slash used in
the selector syntax.

On Jun 7, 2005, at 1:12 PM, Zbynek Winkler wrote:

Hello,

I was following the tutorial, created a database, importing some
files, committing work etc.

Now I want to set up an always-on server to exchange my work with
others. I went to section "2.7 Network Service". I figured that I
need to create an empty database and import pubkeys of all people
I'd like to give access to. I've imported only my pubkey so far.
I've created the .monotone/monotonerc file with the three hooks as
suggested. Then I tried to run the "serve" command but got the
following error:

[EMAIL PROTECTED]:~/.monotone$ monotone --db=./marocode.db serve matforge.ms.mff.cuni.cz marocode
monotone: misuse: could not guess default signing key

The --debug command says:

monotone: executing serve command
monotone: db.fetch("SELECT id from 'private_keys'")
monotone: commands.cc:1998: usage constraint 'N(guess_default_key (key, app))' violated
monotone: misuse: could not guess default signing key

Why do I need a private key in the database? I do not intend to
commit any work to this database. Is it used for anything else?

Zbynek

PS. I'd like to add monotone to our gforge setup but it seems it is
not as straightforward :(. I'd like to have one database per
project so that each project can easily manipulate it. It seems
that in order to do that I'd have to start multiple instances of
monotone serve using different ports. Is that true? I'd also have
to use the --norc and --rcfile options to configure it, right? That
seems kind of awkward :(

--
http://zw.matfyz.cz/ http://robotika.cz/
Faculty of Mathematics and Physics, Charles University, Prague,
Czech Republic
_______________________________________________
Monotone-devel mailing list
[email protected]
http://lists.nongnu.org/mailman/listinfo/monotone-devel
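
The key separation recommended in the reply at the top of this thread, sketched as monotonerc hooks. This is an added example, not part of the original messages; all key names are hypothetical placeholders, and the hook names are those of monotone's hook interface of that period, so check them against the manual for your version.

```lua
-- Added example. All key names below are hypothetical placeholders,
-- not values from the thread.

-- ---- server side: the monotonerc read by "monotone serve" ----
-- The server runs with its own key (say server@example.org). That key
-- only identifies the server to clients; it signs no revisions.
local readers = { ["alice@example.org"] = true, ["bob@example.org"] = true }
local writers = { ["alice@example.org"] = true }

function get_netsync_read_permitted(collection, identity)
   return readers[identity] == true
end

function get_netsync_write_permitted(collection, identity)
   return writers[identity] == true
end

function get_netsync_anonymous_read_permitted(collection)
   return false   -- private code: no anonymous pulls
end

-- ---- client side: each developer's own monotonerc ----
-- Trust a revision cert only when at least one of its signers is a
-- developer signing key. The server key is deliberately absent from
-- this table, so a cert signed with a leaked server key is ignored.
local cert_signers = { ["alice@example.org"] = true, ["bob@example.org"] = true }

function get_revision_cert_trust(signers, id, name, val)
   for _, signer in pairs(signers) do
      if cert_signers[signer] then
         return true
      end
   end
   return false
end
```

The two halves belong in different files: the netsync hooks on the machine running the server, the trust hook in each developer's own configuration.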