Tres Seaver schrieb: > Chris Withers wrote: ... >>> >>>Where should I write the proposal? Who is going to review it? > > > http://www.zope.org/Wikis/DevSite/Proposals ; post here and zope3-dev > for review.
+1 for http anon checkouts at least :-) > ... > -1 on using https for writable checkouts. > > The issues aren't so much technical feasibility as social / legal: a > checkin done using somebody's private key is way less deniable than one > done with a password. Unless you plan to set up a system for issuing > client certificates to contributors, I don't think https is superior to > svn+ssh at all. I think a possible solution would be client certificate on request and downloadable with ssh from users account - maybe even automatically generation of client cert via ssh for acredited contributors. At least this would be equaly secure/insecure as current ssh-pubkey only. Otoh, if you want to make it right [tm] you need a fairly complicated CA-setup. Including isolated box, sneakers-net or at least some solution with serial interface... really a lot of work. (But this would be more secure then we have now with the simple publickey) Regards Tino _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
