On Sat, 2009-01-17 at 20:46 +0000, Timothy Brownawell wrote:
> Branch net.venge.monotone.tbrownaw.serve_automate adds a --bind-automate
> option to 'mtn serve', to allow serving raw automate stdio over the
> network. This doesn't have any authentication, so it's only safe for
> private interfaces (127.x.x.x).
>
> This allows for concurrent netsync and "automate stdio" access to a db.
>
> Does anyone object to merging this? (Maybe someone wants to add
> authentication and a command to act as a front-end first, so it can
> safely be run on public interfaces?)

I should also mention that I'm thinking we eventually want to move to SSH2 for encryption/authentication (pending finding a good server-side SSH2 library, there only seem to be client-only libraries available now). This would let us only need to listen in one place for both netsync and stdio (and whatever else we might come up with), and would also mean not needing to keep our own authentication code or write our own encryption code (I know I've seen requests for encrypted netsync).

So I'd think un-secured stdio would be more useful for now than no network stdio, and we can clean up the networking later. But maybe there's a maintainable way to extend our current authentication to networked 'automate stdio', or maybe the potential for confusion resulting in putting an insecure protocol on a public interface is too great...

--
Timothy
Free (experimental) public monotone hosting: http://mtn-host.prjek.net
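
The constraint stated in the proposal (unauthenticated automate stdio is only safe on 127.x.x.x) can be checked at startup instead of being left to the operator. The following is an added sketch, not monotone's code and not part of this message; it assumes the bind value is written as `address[:port]`, and the function names and sample values are hypothetical.

```python
import ipaddress

def split_host_port(spec):
    """Split 'host', 'host:port', '[v6]:port' or ':port' into (host, port or None)."""
    spec = spec.strip()
    if spec.startswith("["):                       # bracketed IPv6 literal
        host, sep, rest = spec[1:].partition("]")
        if not sep or (rest and not rest.startswith(":")):
            raise ValueError(f"malformed address: {spec!r}")
        return host, (int(rest[1:]) if rest[1:] else None)
    if spec.count(":") > 1:                        # bare IPv6 literal, no port
        return spec, None
    host, sep, port = spec.partition(":")
    return host, (int(port) if sep and port else None)

def is_loopback_only(spec):
    """True only when the bind spec names a literal loopback address."""
    try:
        host, _ = split_host_port(spec)
        if not host:                               # empty host means all interfaces
            return False
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Malformed input and hostnames are refused: name resolution is
        # outside this check's control and may not stay on loopback.
        return False
    mapped = getattr(addr, "ipv4_mapped", None)    # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        addr = mapped
    return addr.is_loopback

def refuse_public_bind(spec):
    """Startup guard for an unauthenticated listener: raise unless loopback."""
    if not is_loopback_only(spec):
        raise SystemExit(f"refusing unauthenticated listener on {spec!r}: "
                         "not a literal loopback address")
    return spec

if __name__ == "__main__":
    # Constructed sample values, not taken from any real configuration.
    for s in ["127.0.0.1:4692", "127.5.6.7", "[::1]:4692", "::1",
              "0.0.0.0:4692", ":4692", "::", "192.168.1.10:4692", "localhost:4692"]:
        print(f"{s:20} {'ok' if is_loopback_only(s) else 'REFUSED'}")
```
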
