Tres Seaver wrote:
Where should I write the proposal? Who is going to review it?
http://www.zope.org/Wikis/DevSite/Proposals ; post here and zope3-dev
yay! a wiki... oh the joy...
You need to identify potential issues, document any changes needed to
the Apache config (to enable the DAV verbs, for instance), and spell out
how to revert it; then get the rest of the community to accept it, at
*sigh* red tape wins again. It's much easier to just do nothing, and
just not be able to contribute from behind a firewall...
The issues aren't so much technical feasibility as social / legal: a
checkin done using somebody's private key is way less deniable than one
done with a password. Unless you plan to set up a system for issuing
client certificates to contributors, I don't think https is superior to
svn+ssh at all.
Hmmm, I'm tempted to call BS on this. How much of this has actually been
tested in a court? Really, all this crap gets caught up on pseudo legal
BS which ultimately just makes it more difficult for people to
contribute :-( I really don't get the whole paranoia about passwords
anyway... yes, client certs and public key are "more secure", but
really, why are we setting the bar so high? It's not like we're dealing
with top secret national security stuff...
yes, this sucks :-/
It's *by design*.
OK, as a concrete example, the guys at my current big project have
effectively donated a full MSDN license so I can pick up doing the
Windows builds and give Tim a break. But, because they're a bank, they
care about security and so don't let any old protocol through their
firewalls... http and https are fine, I can check into or out of my own
repository, and any other repo running a "standard" protocol. However,
zope.org insists on using the esoteric svn+ssh protocol for write access
(which you have to jump through all sorts of hoops to get working on
Windows anyway :-/) and the getting-used-less-and-less svn protocol
which is just flat blocked by large and immovable firewalls...
For trying to get people to help out, this sucks ass. Come on, we're an
open source project, we _want_ people to help out, not keep on pushing
them away with higher and higher bars :-(
Simplistix - Content Management, Zope & Python Consulting
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -