[Zope-dev] Re: http access to svn repos?

Tino Wildenhain tino at wildenhain.de
Mon Mar 6 18:47:47 EST 2006


Tres Seaver schrieb:
> Chris Withers wrote:

...
>>>
>>>Where should I write the proposal? Who is going to review it?
> 
> 
> http://www.zope.org/Wikis/DevSite/Proposals ; post here and zope3-dev
> for review.

+1 for http anon checkouts at least :-)
> 
...
> -1 on using https for writable checkouts.
> 
> The issues aren't so much technical feasibility as social / legal:  a
> checkin done using somebody's private key is way less deniable than one
> done with a password.  Unless you plan to set up a system for issuing
> client certificates to contributors, I don't think https is superior to
> svn+ssh at all.

I think a possible solution would be client certificate on request
and downloadable with ssh from users account - maybe even automatically
generation of client cert via ssh for acredited contributors.

At least this would be equaly secure/insecure as current ssh-pubkey
only.

Otoh, if you want to make it right [tm] you need a fairly complicated
CA-setup. Including isolated box, sneakers-net or at least some solution
with serial interface... really a lot of work. (But this would
be more secure then we have now with the simple publickey)

Regards
Tino


More information about the Zope-Dev mailing list