[Zope-dev] Re: http access to svn repos?

Rocky Burt rocky.burt at adaptivewave.com
Sat Mar 11 07:10:39 EST 2006


On Tue, 2006-07-03 at 09:35 +0000, Chris Withers wrote:
> *sigh* red tape wins again. It's much easier to just do nothing, and 
> just not be able to contribute from behind a firewall...

Yeah, this is always unfortunate.


> > The issues aren't so much technical feasibility as social / legal:  a
> > checkin done using somebody's private key is way less deniable than one
> > done with a password.  Unless you plan to set up a system for issuing
> > client certificates to contributors, I don't think https is superior to
> > svn+ssh at all.
> 
> Hmmm, I'm tempted to call BS on this. How much of this has actually been 
> tested in a court? Really, all this crap gets caught up on pseudo legal 
> BS which ultimately just makes it more difficult for people to 
> contribute :-( I really don't get the whole paranoia about passwords 
> anyway... yes, client certs and public key are "more secure", but 
> really, why are we setting the bar so high? It's not like we're dealing 
> with top secret national security stuff...

+1 on Chris' comments


> For trying to get people to help out, this sucks ass. Come on, we're an 
> open source project, we _want_ people to help out, not keep on pushing 
> them away with higher and higher bars :-(

+1 once more


For my own contribution I could really care less what protocols we use,
since I"m in a situation where I can use whatever.

But out of the 20 or so public SVN repos i have write access to,
zope.org is the only one that requires this whole ssh thing (most do
writing over https, a few do writing over regular http).  Its certainly
not the norm.  I realize changing it at this point would probably be a
major pain for all existing contributors, but lowering the bar for new
contributors is definitely worth it IMHO.

Anyhow, just my 2 cents.

- Rocky


-- 
Rocky Burt
AdaptiveWave - Content Management as a Service
http://www.adaptivewave.com
Content Management Made Simple




More information about the Zope-Dev mailing list