On Thu, 2009-04-02 at 20:43 +0200, Martijn Pieters wrote: > On Thu, Apr 2, 2009 at 20:39, Jim Fulton <j...@zope.com> wrote: > > > On Apr 2, 2009, at 2:31 PM, Chris Withers wrote: > >> For me, the ideal would be simply https for everything and using http > >> basic auth for access with more people having access to update the > >> passwd file and maybe Trac or WebSVN for a nice web interface. > > > > I absolutely *hate* using https to access subversion. This involves > > storing a key in plane text in my home directory, which is terrible. > > I far prefer using ssh-based infrastructure for this sort of thing. > > This is no longer the case for subversion 1.6 and up, the password is > now stored encrypted, and subversion now supports KWallet, GNOME > Keyring, Mac OS Keychain, and Windows CryptoAPI for storage. > > See: > http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvements
However, this only *allows* clients to manage their password reasonably, it doesn't force them to. SSH usually complains about bad permission settings on files etc and I guess is usually handled better. (Note: you can't force a passphrase onto the client either.) From my understanding, the interesting part is what the DVCSs do: let people sign their commits with e.g. their PGP key (strong auth) and allow them to share that data somewhere (different mechanism maybe not so strong auth). Christian -- Christian Theune · c...@gocept.com gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
