[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: automated software packaging and release scripts?

From: Reedick, Andrew <jr9445_at_ATT.COM>
Date: 2007-12-06 21:24:24 CET

> -----Original Message-----
> From: Reuben Avery [mailto:reuben@swirl.net]
> Sent: Thursday, December 06, 2007 2:19 PM
> To: users@subversion.tigris.org
> Subject: automated software packaging and release scripts?
>
> Hello all,
>
> I would really like to find some nicely developed SVN automation
> scripts for packaging and releasing (in our case primarily web
> sites) via FTP.
>
> I have seen svnant and the ANT ftp tasks... this seems "ok" to start
> with.. I don't like the idea of having to store a plaint-text FTP
password
> within the makefile, though..

If you want anyone to be able to ftp:

If you're on unix, look into using sudo. Lock down the passwords in a
file readable only by a privileged user. Sudo runs the ftp script as
the privileged user which can read the file. This way anyone can run
the ftp script without knowing the passwords.

Windows may or may not have a sudo equivalent. Talk to your admin.
Worst case, you have a script called by a scheduled task that watches a
directory, ftp's any file it sees, and deletes the file. All scripts
and the scheduled task are readable only by a privileged user.

Side note: if the developers have write access to the makefile, ant,
ant tasks, and deploy scripts, then, from a security standpoint, it
probably doesn't matter if the password is stored in plaintext or not.
(They could Trojan the ant task and grab the password.) So if you're
locking down passwords, then you also need to run trusted copies of ant,
the ant tasks, the deploy scripts, etc. from a locked down directory.

*****

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. GA625

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Dec 6 21:25:21 2007

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.