On Thu, 2009-04-02 at 20:43 +0200, Martijn Pieters wrote:
On Thu, Apr 2, 2009 at 20:39, Jim Fulton <jim@zope.com> wrote:
On Apr 2, 2009, at 2:31 PM, Chris Withers wrote:
For me, the ideal would be simply https for everything and using http basic auth for access with more people having access to update the passwd file and maybe Trac or WebSVN for a nice web interface.
I absolutely *hate* using https to access subversion. This involves storing a key in plane text in my home directory, which is terrible. I far prefer using ssh-based infrastructure for this sort of thing.
This is no longer the case for subversion 1.6 and up, the password is now stored encrypted, and subversion now supports KWallet, GNOME Keyring, Mac OS Keychain, and Windows CryptoAPI for storage.
See: http://subversion.tigris.org/svn_1.6_releasenotes.html#auth-related-improvem...
However, this only *allows* clients to manage their password reasonably, it doesn't force them to. SSH usually complains about bad permission settings on files etc and I guess is usually handled better. (Note: you can't force a passphrase onto the client either.) From my understanding, the interesting part is what the DVCSs do: let people sign their commits with e.g. their PGP key (strong auth) and allow them to share that data somewhere (different mechanism maybe not so strong auth). Christian -- Christian Theune · ct@gocept.com gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1 Zope and Plone consulting and development