On 7/21/05, Crucius, Wesley <WCrucius@sandc.com> wrote:> What I'm looking for: > I'm looking for recommendations for third party Subversion hosting services> that will host commercial / proprietary development, obviously for a fee. > I'd also welcome any general or specific feedback regarding the use of this> kind of solution…
I have not encountered a third part Subversion host (plenty of CVShosts out there), and haven't ever seen a "commercial" third partyhost to that effect (overlooking places like Sourceforge, which arepublic). But just to toss in my 2-cents... :)
I'd think your company should be much more concerned about hostingproprietary development source code and documentation with a stranger(more or less), then with listening to IT who don't want to expose anApache server to the world. You don't even need Apache.
You will be giving them proprietary information to host which they cannow read and copy (no matter if they "promise" not to), I would thinkyour company would not look well upon that. It may also be part of acommon IP to all the repositories this 3rd party host hosts -- makingit more likely someone would try to get in, over a personal IP with nomarkings as to what is behind it.
A 3rd party host will cover their butts. You can be sure that anycontract you sign says something like "it isn't our fault if..." andfill whatever worst case scenario you want. If one of their employeestakes something out, or someone gets in and steals something, thecompany will absolve themselves of liability. You might be able toget a hold of a person, but the company will make sure they can't beblamed.
> Why I want it: > The reason for my interrest is because we have a large group of contract> developers (on the other side of the world from our in-house application> developers) that are creating a product upon which our in-house developers> build. Our IT folks are uncomfortable with the security issues of running> an internet-exposed Apache web-server.
As far as IT not wanting to expose an Apache server? That doesn'tmake sense. Not in the situation you are needing to solve. A $300computer exposed to the Internet, and disconnected from your internalLAN can easily support the repository. If somebody hacks in, you areno more screwed then if someone hacked into the 3rd party host --except now you have more money to pay IT (since you haven't beenpaying the 3rd party host) to fix the problem ASAP.
Now, I'm not saying the not wanting to expose a company server to theoutside world is silly. But that is just what you are doing with the3rd party host -- you are turning them into a company server andpaying them in the process. Would you rather be able to pull the plugon the server yourself, or have to call someone to tell them to pullthe plug?
They don't like Apache being up? Run 'svnserve'. The only thingApache really buys you (in terms of use) is being able to view thesource tree over the web. Big whoop. :) Svnserve will talk over aless common port and will provide all the functionality required tocheck things in, out, and everything else.
That's my 2 cents. Not overly useful in your search, I know (sorry). I don't want to sound like any company that might offer this serviceis a rip-off. It is just my personal opinion that if you have thecapacity to do it yourself, why not do it yourself and make sure it isdone the way you want?
Nick-- Whatever you do - don't congratulate yourself too much, or berateyourself either.Your choices are half chance, and so are everybody else's.
Received on Thu Jul 21 22:15:40 2005