[Zope-dev] Re: http access to svn repos?
Tres Seaver
tseaver at palladion.com
Mon Mar 6 18:35:25 EST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Withers wrote:
> Tres Seaver wrote:
>
>> At one point, enabling the 'http:' checkout gateway was a sure-fire
>> recipe for getting SVN's knickers in a twist, which is why we disabled
>> it. Or maybe that was ViewCSV.
>
>
> It was ViewCSV, in particular, the tarball download...
>
>> In any case, I would guess that you might persuade folks to allow
>> DAV-based checkout (which is what svn-over-http is), but you are likely
>> to have to write it up as a proposal, including specific information
>> about the Apache / SVN configuration changes required.
>
>
> Where should I write the proposal? Who is going to review it?
http://www.zope.org/Wikis/DevSite/Proposals ; post here and zope3-dev
for review.
> I'm all for just doing it and reverting it if there are problems...
You need to identify potential issues, document any changes needed to
the Apache config (to enable the DAV verbs, for instance), and spell out
how to revert it; then get the rest of the community to accept it, at
least tacitly.
>> Yes, definitely. The answer is the same as when you asked for it two
>> years ago (: the WebDAV stuff is slow (which may be a reason not to
>> allow annonymous http: checkouts, too),
>
>
> I'm fairly sure SourceForge uses https for it's writeable svn service. I
> might be mistaken on that, but if I'm not, I doubt there are issues...
- -1 on using https for writable checkouts.
The issues aren't so much technical feasibility as social / legal: a
checkin done using somebody's private key is way less deniable than one
done with a password. Unless you plan to set up a system for issuing
client certificates to contributors, I don't think https is superior to
svn+ssh at all.
>> and the credentials mechanism is
>> built entirely around the contributor's SSH key..
>
>
> yes, this sucks :-/
It's *by design*.
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEDMc9+gerLs4ltQ4RAnGXAKDQFNkxsqRV+W82SZh5yLlbeJIYdgCglCV5
7rizxM8sF3bXk0P+9yDNnIU=
=9yuP
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list