[Zope-dev] Re: http access to svn repos?

Chris Withers chris at simplistix.co.uk
Tue Mar 7 04:35:58 EST 2006


Tres Seaver wrote:
>> Where should I write the proposal? Who is going to review it?
> 
> http://www.zope.org/Wikis/DevSite/Proposals ; post here and zope3-dev
> for review.

yay! a wiki... oh the joy...

> You need to identify potential issues, document any changes needed to
> the Apache config (to enable the DAV verbs, for instance), and spell out
> how to revert it;  then get the rest of the community to accept it, at
> least tacitly.

*sigh* red tape wins again. It's much easier to just do nothing, and 
just not be able to contribute from behind a firewall...

> The issues aren't so much technical feasibility as social / legal:  a
> checkin done using somebody's private key is way less deniable than one
> done with a password.  Unless you plan to set up a system for issuing
> client certificates to contributors, I don't think https is superior to
> svn+ssh at all.

Hmmm, I'm tempted to call BS on this. How much of this has actually been 
tested in a court? Really, all this crap gets caught up on pseudo legal 
BS which ultimately just makes it more difficult for people to 
contribute :-( I really don't get the whole paranoia about passwords 
anyway... yes, client certs and public key are "more secure", but 
really, why are we setting the bar so high? It's not like we're dealing 
with top secret national security stuff...

>> yes, this sucks :-/
> 
> It's *by design*.

OK, as a concrete example, the guys at my current big project have 
effectively donated a full MSDN license so I can pick up doing the 
Windows builds and give Tim a break. But, because they're a bank, they 
care about security and so don't let any old protocol through their 
firewalls... http and https are fine, I can check into or out of my own 
repository, and any other repo running a "standard" protocol. However, 
zope.org insists on using the esoteric svn+ssh protocol for write access 
(which you have to jump through all sorts of hoops to get working on 
Windows anyway :-/) and the getting-used-less-and-less svn protocol 
which is just flat blocked by large and immovable firewalls...

For trying to get people to help out, this sucks ass. Come on, we're an 
open source project, we _want_ people to help out, not keep on pushing 
them away with higher and higher bars :-(

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk


