On 17 Jul 2005, at 13:24, Jim Fulton wrote:
- no need for clunky SSH key management

The key management doesn't have to be so clunky.  It's a shame
the current app is so bad, but not *quite* bad enough to make us
write a netter one.

You have to admit that machine accounts for everyone and a munged key that only allows executing the cvs binary is more of a hack than anything else...

I suggest trying https and seeing how you like it.  In reading
about it, it seems awful.  It's been a while since I read about it,
but it either involved entering passwords on every action or
storing passwords in clear text.  I fine SSH, once set up, to be much
cleaner, easier, and more secure.

I've been using HTTP and HTTPS (not on my own repos yet) on several occasions and never had to e.g. re-enter passwords after the first time. Here's a (possibly relevant) mailing list post I just dug up:


Here's what the SVN Red Book has to say about credentials caching:


So credentials do seem to get stored as cleartext, in the filesystem underneath $HOME/.subversion. Not sure how much of a problem that is, given the fact that normally home directories are well-protected. Unless you're using Windoze I suppose.

I don't think that making the repository available via http would be
a bad idea. I'm just too lazy to set it up. :)

Perhaps when the foundation is set up, someone else can take over svn
and make improvements like setting up http access or getting rid of the
BDB back end.

Let's just say that it is always good to have a known responsibility structure rather than "hm... I'll just talk to people who I know have touched this system in the past" ;)


Zope-Coders mailing list

Reply via email to