Rob Church wrote:
> On 07/01/07, Matthew Flaschen wrote:
>> Brion Vibber wrote:
>>> More people have SSH access for committing (though with a restricted shell)
>> Why can't they use svn commit?
> We do; we use svn+ssh as our protocol. However, to stop us running riot and storing p0rn on brion's server, we're a little bit locked down. :)

To flesh this out a little:
Subversion can run over a couple of different transport protocol layers. The most common for read-only anonymous access is HTTP, using the WebDAV extensions.
HTTP isn't necessarily as attractive for read-write scenarios, though. Unencrypted HTTP is not a great idea, and even if you use encrypted HTTPS you still have to worry about how to set up good account and password management.
Tunneling Subversion over the SSH secure shell protocol allows accounts to be managed on the operating system in a relatively standard way, and the issue of password management can be pleasantly left on the client side.
That is, as server manager I never ever have to touch your password. I don't have to see one, set one, e-mail you a default, nothing. You send me a public key, and the private key on your computer is the only way that the account can be logged in to. Any password you put on it is managed by you on your computer; you can change the password, use a password keychain tool for convenience, whatever.
This means for instance that no one can get your SVN password by getting 10 seconds at your G-mail account and searching for "password" when your back is turned. ;)
If we provided shell service for developers on the same host, this would be even more convenient -- you'd log in with the same key -- but we don't for now, and so the accounts except for me and Tim use a restricted shell which allows only Subversion to be accessed.
This combination of http:// for anonymous access and svn+ssh:// for developer access is pretty common, though I've occasionally seen projects using https:// with password authentication. (yech!)
-- brion vibber (brion @ pobox.com)
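
One way to get the "key only, Subversion only" account described above with stock OpenSSH, as an added example that is not part of the original message and not the project's actual setup: a forced `svnserve -t` command in `authorized_keys` rather than a restricted login shell. The function names, the user-name rule and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build and audit svn-only authorized_keys entries.
# Assumptions: OpenSSH server, svnserve on the PATH, one shared svn account.
OPTS='no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty'

# svn_only_entry USER "PUBKEY" -> prints one locked-down authorized_keys line.
svn_only_entry() {
    user=$1 key=$2
    # USER lands inside a quoted command string: allow only a conservative
    # character set so it cannot close the quote and append its own options.
    case $user in ''|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;; esac
    nl='
'
    case $key in *"$nl"*) echo "multi-line key" >&2; return 1 ;; esac
    # Expect "type base64 [comment]"; a line that already carries options
    # (e.g. its own command="...") fails the key-type check below.
    read -r ktype blob comment <<EOF
$key
EOF
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unexpected key type" >&2; return 1 ;;
    esac
    case $blob in ''|*[!A-Za-z0-9+/=]*) echo "bad key blob" >&2; return 1 ;; esac
    # The submitter's comment is dropped and replaced by the user name.
    printf 'command="svnserve -t --tunnel-user=%s",%s %s %s %s\n' \
        "$user" "$OPTS" "$ktype" "$blob" "$user"
}

# audit_keys FILE -> prints the line numbers of key entries that are not
# pinned to svnserve with all restrictions; exit status 1 if any are found.
audit_keys() {
    awk -v opts="$OPTS" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        $0 !~ /^command="svnserve -t --tunnel-user=[a-z0-9_-]+",/ ||
        index($0, opts) == 0 { print NR; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample key (not a real key), to show the generated line.
svn_only_entry alice 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedkey alice@laptop'
```

With such an entry the server operator only ever handles the public key, and whatever the client asks for, sshd runs `svnserve` in tunnel mode and nothing else.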