Jens Vagelpohl wrote:
I noticed that right now the SVN repositories on svn.zope.org can only
be accessed using the "svn" and "svn+ssh" protocols. It occurred to me
that by enabling "http" and "https" and going away from "svn" and
"svn+ssh" a big win can be had in terms of administration.
- no need for machine accounts for developers
- no need for clunky SSH key management
The key management doesn't have to be so clunky. It's a shame
the current app is so bad, but not *quite* bad enough to make us
write a netter one.
- hook directly into existing authentication databases (LDAP of course ;)
In a different situation (a Apache-based webmail setup where all
underlying mail components hook into LDAP for account and configuration
data) I have used mod_authz_ldap successfully to re-use existing mail
system authentication data for protecting access to the webmail site.
Since we already have LDAP as the basis for www.zope.org login
information it should not be hard to add an attribute to contributors'
records that can be used to determine access to e.g.
"https://svn.zope.org/svn" as a front door to the main repo or even
I'm hoping to flesh that out more when I complete migrating my own
repositories to SVN in the next couple weeks.
I suggest trying https and seeing how you like it. In reading
about it, it seems awful. It's been a while since I read about it,
but it either involved entering passwords on every action or
storing passwords in clear text. I fine SSH, once set up, to be much
cleaner, easier, and more secure.
I don't think that making the repository available via http would be
a bad idea. I'm just too lazy to set it up. :)
Perhaps when the foundation is set up, someone else can take over svn
and make improvements like setting up http access or getting rid of the
BDB back end.
Jim Fulton mailto:[EMAIL PROTECTED] Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
Zope-Coders mailing list