[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ssh based access?

From: Garrett Rooney <rooneg_at_electricjellyfish.net>
Date: 2002-04-16 04:37:57 CEST

On Mon, Apr 15, 2002 at 10:27:17PM -0400, Perry E. Metzger wrote:

> > If the extra modules are stripped out, and you run only the prefork MPM,
> > it's pretty small.
>
> But that's not how we're running Apache for subversion.

for subversion you need the core apache (which can use the prefork
MPM, for simplicity's sake), mod_dav, and mod_dav_svn. is there
anything else?

> > Perhaps the inauditability of the codebase could be
> > reconsidered?
>
> It isn't a question of what we would like. In general, once an app
> gets too large you can't audit it, and Apache is way way bigger than
> you can audit.
>
> > It's not like people aren't running Apache in pretty secure
> > production situations - it's at least secure enough for netbsd's own web
> > site (and openbsd's as well).
>
> Our web site is not considered a secure application. We're fully
> prepared (and expect) for it to be broken into and to have to recover
> it. Our code repository is a very different animal. Breakins there
> could be very bad.
>
> BTW, I'm perfectly happy using naked Apache as the front end for the
> anonymous CVS equivalent in SVN.

well, in that case you could simple disallow commit's via ra_dav, and
make people log in and use ra_local for that. it's clunky but it
works. or, you can write ra_ssh (or ra_pipe, as people on irc were
talking about, since there's no reason to require this to be used via
ssh, we could use anything we can read and write to). it probably
wouldn't be all that hard (one of the ideas someone mentioned was
just committing to xml files and sending them over the pipe to the
other side, which reads them in and applies them). it's not something
that the core developers are going to spend their time working on,
just like they're not working on alternate filesystem backends, but if
someone showed up with working code, i imagine we'd probably be able
to arrange commit access for them to do the work.

-garrett

-- 
garrett rooney                    Remember, any design flaw you're 
rooneg@electricjellyfish.net      sufficiently snide about becomes  
http://electricjellyfish.net/     a feature.       -- Dan Sugalski
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Apr 16 04:38:47 2002

This is an archived mail posted to the Subversion Dev mailing list.