Perry E. Metzger wrote:
>Brian Mathis <bmathis@directedge.com> writes:
>
>
>>There's already a way to make all your accesses to the repos "suid" to
>>svn, it's called svnserve. Run it as user "svn" and viola, all
>>accesses through it are done as user "svn". Tunnel over ssh, and
>>you're done.
>>
>>
>
>Why bother? The direct tools can do exactly the same thing, and then I
>don't have to worry that svnserve is accidently misconfigured to
>listen to the wrong interface one morning. Fewer moving parts, fewer
>accidents.
>
>
Not enough moving parts, the machine doesn't work right.
The direct tools do NOT do excatly the same thing! If they did, 1 of
them wouldn't exist. If you are worried that your config files will
accidentally change, then you have bigger problems with security than
running a daemon.
What we have here is an XYZ problem:
Q: I want to use X to perform function Y, but instead it's doing Z.
A: X doesn't perform function Y, use A instead
Q: But I don't want to use A, I want to use X
A: Too bad. X doesn't do what you want, but A does. Use A.
Q: But I don't want to use A.
....
The point is that there are already TWO other options that will allow
you to reach the goal you want. 1 is apache, and 2 is svnserve. Using
these requires ZERO code changes to svn. If apache doesn't meet your
needs, then fine, use svnserve over ssh.
--
Brian Mathis
http://directedge.com/b/
Received on Fri Feb 13 19:41:50 2004