Jens Vagelpohl wrote:
Hi guys,

I noticed that right now the SVN repositories on can only be accessed using the "svn" and "svn+ssh" protocols. It occurred to me that by enabling "http" and "https" and going away from "svn" and "svn+ssh" a big win can be had in terms of administration.

- no need for machine accounts for developers
- no need for clunky SSH key management

The key management doesn't have to be so clunky.  It's a shame
the current app is so bad, but not *quite* bad enough to make us
write a netter one.

- hook directly into existing authentication databases (LDAP of  course ;)

In a different situation (a Apache-based webmail setup where all underlying mail components hook into LDAP for account and configuration data) I have used mod_authz_ldap successfully to re-use existing mail system authentication data for protecting access to the webmail site.

Since we already have LDAP as the basis for login information it should not be hard to add an attribute to contributors' records that can be used to determine access to e.g. ""; as a front door to the main repo or even specific sub-projects.

I'm hoping to flesh that out more when I complete migrating my own repositories to SVN in the next couple weeks.

I suggest trying https and seeing how you like it.  In reading
about it, it seems awful.  It's been a while since I read about it,
but it either involved entering passwords on every action or
storing passwords in clear text.  I fine SSH, once set up, to be much
cleaner, easier, and more secure.

I don't think that making the repository available via http would be
a bad idea. I'm just too lazy to set it up. :)

Perhaps when the foundation is set up, someone else can take over svn
and make improvements like setting up http access or getting rid of the
BDB back end.


Jim Fulton           mailto:[EMAIL PROTECTED]       Python Powered!
CTO                  (540) 361-1714  
Zope Corporation
Zope-Coders mailing list

Reply via email to