On Thu, 2009-04-02 at 20:43 +0200, Martijn Pieters wrote:
> On Thu, Apr 2, 2009 at 20:39, Jim Fulton <j...@zope.com> wrote:
> > On Apr 2, 2009, at 2:31 PM, Chris Withers wrote:
> >> For me, the ideal would be simply https for everything and using http
> >> basic auth for access with more people having access to update the
> >> passwd file and maybe Trac or WebSVN for a nice web interface.
> >
> > I absolutely *hate* using https to access subversion.  This involves
> > storing a key in plane text in my home directory, which is terrible.
> > I far prefer using ssh-based infrastructure for this sort of thing.
> This is no longer the case for subversion 1.6 and up, the password is
> now stored encrypted, and subversion now supports KWallet, GNOME
> Keyring, Mac OS Keychain, and Windows CryptoAPI for storage.
> See: 
> http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvements

However, this only *allows* clients to manage their password reasonably,
it doesn't force them to. SSH usually complains about bad permission
settings on files etc and I guess is usually handled better. (Note: you
can't force a passphrase onto the client either.)

From my understanding, the interesting part is what the DVCSs do: let
people sign their commits with e.g. their PGP key (strong auth) and
allow them to share that data somewhere (different mechanism maybe not
so strong auth).


Christian Theune · c...@gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1
Zope and Plone consulting and development

Attachment: signature.asc
Description: This is a digitally signed message part

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to