Rob Church wrote:
> On 07/01/07, Matthew Flaschen wrote:
>> Brion Vibber wrote:
>>> More people have SSH access for committing (though with a
>>> restricted shell)
>>
>> Why can't they use svn commit?
>
> We do; we use svn+ssh as our protocol. However, to stop us running
> riot and storing p0rn on brion's server, we're a little bit locked
> down. :)

To flesh this out a little:
Subversion can run over a couple of different transport protocol layers.
The most common for read-only anonymous access is HTTP, using the WebDAV
extensions.
HTTP isn't necessarily as attractive for read-write scenarios, though.
Unencrypted HTTP is not a great idea, and even if you use encrypted
HTTPS you still have to worry about how to set up good account and
password management.
Tunneling Subversion over the SSH secure shell protocol allows accounts
to be managed on the operating system in a relatively standard way, and
the issue of password management can be pleasantly left on the client side.
That is, as server manager I never ever have to touch your password. I
don't have to see one, set one, e-mail you a default, nothing. You send
me a public key, and the private key on your computer is the only way
that the account can be logged in to. Any password you put on it is
managed by you on your computer; you can change the password, use a
password keychain tool for convenience, whatever.
This means for instance that no one can get your SVN password by getting
10 seconds at your G-mail account and searching for "password" when your
back is turned. ;)
If we provided shell service for developers on the same host, this would
be even more convenient -- you'd log in with the same key -- but we don't
for now and so the accounts except for me and Tim use a restricted shell
which allows only Subversion to be accessed.
This combination of http:// for anonymous access and svn+ssh:// for
developer access is pretty common, though I've occasionally seen
projects using https:// with password authentication. (yech!)
-- brion vibber (brion @ pobox.com)
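
An added example, not part of the message above and not the project's actual configuration: one way a "Subversion only" login shell for svn+ssh accounts can be written. The script name svn-only-shell, the svnserve path and the repository root are assumptions.

```shell
#!/bin/sh
# Hypothetical restricted login shell for commit-only accounts.
# sshd runs an account's login shell as:  <shell> -c "<requested command>"
# and an svn+ssh:// client requests exactly "svnserve -t" (tunnel mode).

SVNSERVE=${SVNSERVE:-/usr/bin/svnserve}   # assumed install path
REPO_ROOT=${REPO_ROOT:-/srv/svn}          # assumed repository root

# Print "allow" only for the exact tunnel request, "deny" for anything else
# (interactive logins, other programs, extra arguments, chained commands).
svn_only_decide() {
    # An interactive login passes no arguments at all.
    [ "$#" -eq 2 ] || { echo deny; return; }
    [ "$1" = "-c" ] || { echo deny; return; }
    case "$2" in
        "svnserve -t") echo allow ;;
        *)             echo deny ;;
    esac
}

svn_only_main() {
    if [ "$(svn_only_decide "$@")" = allow ]; then
        # The client's string is never executed or passed to a shell;
        # a fixed command line is run instead, confined to REPO_ROOT.
        exec "$SVNSERVE" -t -r "$REPO_ROOT"
    fi
    echo "This account allows Subversion access only." >&2
    exit 1
}

# Act as a shell only when installed under the assumed name, so the
# decision function can be loaded and exercised without side effects.
case "${0##*/}" in
    svn-only-shell) svn_only_main "$@" ;;
esac
```

Forwarding and pty allocation can be switched off separately, per key, with the OpenSSH authorized_keys options no-port-forwarding, no-agent-forwarding, no-X11-forwarding and no-pty.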