Richard Li <[EMAIL PROTECTED]> wrote: > Sourceforge offers CVS hosting; gna.org offers Arch, Subversion, and > CVS hosting. > > So enabling one of these sites to offer Monotone hosting. I would > imagine that the process of setting this up could drive some feature > development in Monotone as well.
There's been a lot of talk lately on the [EMAIL PROTECTED] list about this. Currently, Savannah offers CVS and GNU Arch, but obviously people want to run their favorite SCM's to work on their projects. Subversion has come up in the discussion (with some loud approval), and I dropped the Monotone with usher suggestion into the fray. It was rejected on the issue of security, that if usher were allowed to launch 'mtn serve' instances, they would be required to share the same system user/group permissions. A single compromised usher instance would then give unmitigated access to each of the services it started. The alternative I proposed was to manage the 'mtn serve' instances separately, then use usher to proxy. Some of what needs to be done in order to pull this off is to have management scripts for hosting monotone servers in place. I asked Greydon if inetd-enabling monotone would work, but he indicated that there would be database locking issues. I've added a feature-request to daemonize monotone [1], which would certainly help with launching and controlling 'mtn serve' instances. There is the possibility of adding setuid/setgid calls to usher, but that means usher would need to be run as root or have some sort of capabilities package enabled in the kernel to assign these rights to an unprivileged user. A little scary, if you ask me, since usher is processing public requests. There's the Postfix way of launching new services, a master server. usher could make requests of the master server to launch a new 'mtn serve' instance as a given user. i.e. The 'gnats' user to launch 'mtn serve' on the GNATS project's gnats.mtn database. IMHO, working with the Savannah team to serve Monotone would be quite awesome. ;-) A good Google SoC project. References ========== 1. https://savannah.nongnu.org/bugs/?func=detailitem&item_id=16177 -- Chad Walstrom <[EMAIL PROTECTED]> http://www.wookimus.net/ assert(expired(knowledge)); /* core dump */ _______________________________________________ Monotone-devel mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/monotone-devel
