Tres Seaver wrote:
Where should I write the proposal? Who is going to review it?


http://www.zope.org/Wikis/DevSite/Proposals ; post here and zope3-dev
for review.

yay! a wiki... oh the joy...

You need to identify potential issues, document any changes needed to
the Apache config (to enable the DAV verbs, for instance), and spell out
how to revert it;  then get the rest of the community to accept it, at
least tacitly.

*sigh* red tape wins again. It's much easier to just do nothing, and just not be able to contribute from behind a firewall...

The issues aren't so much technical feasibility as social / legal:  a
checkin done using somebody's private key is way less deniable than one
done with a password.  Unless you plan to set up a system for issuing
client certificates to contributors, I don't think https is superior to
svn+ssh at all.

Hmmm, I'm tempted to call BS on this. How much of this has actually been tested in a court? Really, all this crap gets caught up on pseudo legal BS which ultimately just makes it more difficult for people to contribute :-( I really don't get the whole paranoia about passwords anyway... yes, client certs and public key are "more secure", but really, why are we setting the bar so high? It's not like we're dealing with top secret national security stuff...

yes, this sucks :-/

It's *by design*.

OK, as a concrete example, the guys at my current big project have effectively donated a full MSDN license so I can pick up doing the Windows builds and give Tim a break. But, because they're a bank, they care about security and so don't let any old protocol through their firewalls... http and https are fine, I can check into or out of my own repository, and any other repo running a "standard" protocol. However, zope.org insists on using the esoteric svn+ssh protocol for write access (which you have to jump through all sorts of hoops to get working on Windows anyway :-/) and the getting-used-less-and-less svn protocol which is just flat blocked by large and immovable firewalls...

For trying to get people to help out, this sucks ass. Come on, we're an open source project, we _want_ people to help out, not keep on pushing them away with higher and higher bars :-(

Chris

--
Simplistix - Content Management, Zope & Python Consulting
           - http://www.simplistix.co.uk

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to