??changed: -There was a discussion about supporting montone at Savannah it on the monotone-devel list (hosted by Savannah :)) last year: -http://lists.gnu.org/archive/html/monotone-devel/2005-08/msg00072.html - -I also just had a discussion at #monotone: they now have 'usher'. - -From http://venge.net/monotone/NEWS: "'usher' support: experimental method for proxying multiple netsync servers through a single port (similar concept to - vhosts) (Timothy Brownawell <[EMAIL PROTECTED]>)" - -It does a simple forwarding, but does not use different user ids. This is not good for security because there is no isolation - which means if usher is cracked into then all the monotone repositories would be impacted. - -[With CVS and GNU Arch, our solution is to rely on SSH and Unix privileges. Plus the Doctor setup as a kind of exception for webpages (security issue is cracked Apache evedropping, ie password-based auth).] - - -Here's the IRC conversation. -Since an IRC conversation is not necessarily meant for full public archival, I'll sum up the channel answers: - - * Beuc: Hey. I wonder where I could read more information about usher. I wonder if each database can be owned by a different group (think suExec) or if all have to belong to the proxy server :) - - * #monotone: each database has to be +rw for whoever's running the usher. -[33 more lines...] Monotone now probably can be used for mass hosting:
- ssh support (read/write) - since 0.27/2006-06
- multi-database server (read) - since 0.23/2005-09

http://mtn-host.prjek.net/ demonstrates Monotone hosting and publishes its source code (project 'webhost')

Technically, usher can be used for write access, but does not support privilege separation (one uid must have write access to all repos).

References

There was a discussion about supporting monotone at Savannah on the monotone-devel list (hosted by Savannah :)) last year: http://lists.gnu.org/archive/html/monotone-devel/2005-08/msg00072.html

Monotone proselytism ;) by Chad Walstrom: http://lists.gnu.org/mailman/private/gnu-prog-discuss/2006q2/001201.html

(For more general discussion about supporting a new service, check NewServiceSupport)

Rejected Ideas

- usher + setuid wrapper for 'mtn server': I think the authentication is performed after 'mtn server' is started
- forward connection to a running server: we can't afford to keep 2500 servers (one per project) always running in the background

--
forwarded from https://savannah.gnu.org/maintenance/[EMAIL PROTECTED]://savannah.gnu.org/maintenance

_______________________________________________
Savannah-cvs mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/savannah-cvs
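
Review bot: The new usher sentence ("one uid must have write access to all repos") drops the consequence that the removed paragraph spelled out, namely that with no isolation a compromise of usher would impact all the monotone repositories. Keep one sentence stating that, together with the removed note that CVS and GNU Arch rely on SSH and Unix privileges, so the page still records why usher is not acceptable for write access. In "Rejected Ideas", the setuid wrapper entry rests on "I think the authentication is performed after 'mtn server' is started"; point to a source for that or mark it as unverified, since the rejection depends on it.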
