Hello sysadmins, On Sat, Mar 12, 2005 at 05:15:59PM -0500, Richard Stallman wrote: > The person replied that would not help, because apparently the problem > is not so much the firewall, but rather the use of a proxy to access > the WWW. > > It's true that this would not help with a proxy. But I think it would > help in Syria, where the ISPs simply don't allow SSH.
In order to allow people behind web-only proxies or fascist firewalls to access CVS, a solution is to bind our CVS+SSH daemon on a new IP on port 443 (https). It requires a free public IP on the GNU network. Michael J. Flickinger suggested another solution that involves Tor (tor.eff.org); it does not work for people behind web-only proxies right now, but theorically it could. Using Tor doesn't require any change at Savannah, although it implies a performance hit for the client. Do we have free public IP addresses on the GNU network? We will certainly need other free IPs when installing new version control systems at Savannah, such as Arch or SVN, or if there are few public IP addresses left, we have to consider this choice carefully. RMS: I apologize for what I wrote, it appears to be wrong. It is possible to bypass a proxy that allow https - since the proxy won't be able to determine whether the client is using https or ssh when connecting to remote port 443, and since https proxying has to be basically a simple port forwarding. Anyway, I strongly suggest accompagning any documentation about this with a warning telling users to get their admins to change the situation. We might write a webpage explaining the problem to such admins. -- Sylvain _______________________________________________ Savannah-help-public mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/savannah-hackers
