On 17 Jul 2005, at 13:24, Jim Fulton wrote:
- no need for clunky SSH key management
The key management doesn't have to be so clunky. It's a shame
the current app is so bad, but not *quite* bad enough to make us
write a netter one.
You have to admit that machine accounts for everyone and a munged key
that only allows executing the cvs binary is more of a hack than
I suggest trying https and seeing how you like it. In reading
about it, it seems awful. It's been a while since I read about it,
but it either involved entering passwords on every action or
storing passwords in clear text. I fine SSH, once set up, to be much
cleaner, easier, and more secure.
I've been using HTTP and HTTPS (not on my own repos yet) on several
occasions and never had to e.g. re-enter passwords after the first
time. Here's a (possibly relevant) mailing list post I just dug up:
Here's what the SVN Red Book has to say about credentials caching:
So credentials do seem to get stored as cleartext, in the filesystem
underneath $HOME/.subversion. Not sure how much of a problem that is,
given the fact that normally home directories are well-protected.
Unless you're using Windoze I suppose.
I don't think that making the repository available via http would be
a bad idea. I'm just too lazy to set it up. :)
Perhaps when the foundation is set up, someone else can take over svn
and make improvements like setting up http access or getting rid of
BDB back end.
Let's just say that it is always good to have a known responsibility
structure rather than "hm... I'll just talk to people who I know have
touched this system in the past" ;)
Zope-Coders mailing list