On Tue, 2006-07-03 at 09:35 +0000, Chris Withers wrote:
> *sigh* red tape wins again. It's much easier to just do nothing, and
> just not be able to contribute from behind a firewall...
Yeah, this is always unfortunate.
> > The issues aren't so much technical feasibility as social / legal: a
> > checkin done using somebody's private key is way less deniable than one
> > done with a password. Unless you plan to set up a system for issuing
> > client certificates to contributors, I don't think https is superior to
> > svn+ssh at all.
> Hmmm, I'm tempted to call BS on this. How much of this has actually been
> tested in a court? Really, all this crap gets caught up on pseudo legal
> BS which ultimately just makes it more difficult for people to
> contribute :-( I really don't get the whole paranoia about passwords
> anyway... yes, client certs and public key are "more secure", but
> really, why are we setting the bar so high? It's not like we're dealing
> with top secret national security stuff...
+1 on Chris' comments
> For trying to get people to help out, this sucks ass. Come on, we're an
> open source project, we _want_ people to help out, not keep on pushing
> them away with higher and higher bars :-(
+1 once more
For my own contribution I could really care less what protocols we use,
since I"m in a situation where I can use whatever.
But out of the 20 or so public SVN repos i have write access to,
zope.org is the only one that requires this whole ssh thing (most do
writing over https, a few do writing over regular http). Its certainly
not the norm. I realize changing it at this point would probably be a
major pain for all existing contributors, but lowering the bar for new
contributors is definitely worth it IMHO.
Anyhow, just my 2 cents.
AdaptiveWave - Content Management as a Service
Content Management Made Simple
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -