On Tue, 2006-07-03 at 09:35 +0000, Chris Withers wrote:
*sigh* red tape wins again. It's much easier to just do nothing, and just not be able to contribute from behind a firewall...
Yeah, this is always unfortunate.
The issues aren't so much technical feasibility as social / legal: a checkin done using somebody's private key is way less deniable than one done with a password. Unless you plan to set up a system for issuing client certificates to contributors, I don't think https is superior to svn+ssh at all.
Hmmm, I'm tempted to call BS on this. How much of this has actually been tested in a court? Really, all this crap gets caught up on pseudo legal BS which ultimately just makes it more difficult for people to contribute :-( I really don't get the whole paranoia about passwords anyway... yes, client certs and public key are "more secure", but really, why are we setting the bar so high? It's not like we're dealing with top secret national security stuff...
+1 on Chris' comments
For trying to get people to help out, this sucks ass. Come on, we're an open source project, we _want_ people to help out, not keep on pushing them away with higher and higher bars :-(
+1 once more
For my own contribution I could really care less what protocols we use, since I'm in a situation where I can use whatever. But out of the 20 or so public SVN repos I have write access to, zope.org is the only one that requires this whole ssh thing (most do writing over https, a few do writing over regular http). It's certainly not the norm. I realize changing it at this point would probably be a major pain for all existing contributors, but lowering the bar for new contributors is definitely worth it IMHO.
Anyhow, just my 2 cents.
- Rocky
--
Rocky Burt
AdaptiveWave - Content Management as a Service
http://www.adaptivewave.com
Content Management Made Simple