On Fri, May 1, 2009 at 6:42 PM, Johan Corveleyn
<johan.corveleyn_at_uz.kuleuven.ac.be> wrote:
> I don't really understand where you got the idea that we use
> the file:// protocol :).
The fact that your Sysadmins don't like creating special non-user
accounts. I've been through this before where I am trying to implement
a client/server software, and our IT department tell us they can't
setup a non-user account in order to run the software.
> For our continuous builds we use Teamcity (which idd
> doesn't need write access).
But earlier you said:
> we use a fixed build machine (*nix machine) with a
> "shared" WC (we take rotations to perform the build)
What builds are you doing on the *nix machine that you're not doing
with TeamCity?
>
> Regards,
> Johan
>
>> So, um.... who's the user that owns the Subversion repository and runs
>> the Subversion server process? Please don't tell me you all use the
>> file:// protocol in order to get around this security issue.
>>
>> If you use Hudson <https://hudson.dev.java.net/> with Subversion, you
>> really wouldn't need to give the Hudson server write access to your
>> Subversion repository. In Subversion, you can use the Subversion
>> revision number as a psudo-tag, so you don't have to make a new tag
>> for each build. Hudson shows you the Subversion revision number of
>> each build. Hudson will also store your build artifacts and other
>> items, so you don't have to check those into Subversion either.
>>
>> Give Hudson a try. It's really very easy to setup and use.
>>
>> On Thu, Apr 30, 2009 at 9:51 AM, Johan Corveleyn
>> <johan.corveleyn_at_uz.kuleuven.ac.be> wrote:
>> > Well that would be fine, except for security: you'd need to have a
>> generic "build user" (not corresponding to a real person), with fixed
>> password, that has write access to the repository (needs to commit
>> version info, make branches, tags, ...). In our case this means this
>> "user" has to exist in our LDAP in the developers group (only that LDAP
>> group has write access currently).
>> >
>> > Our sysadmins don't like such generic user accounts (for one thing:
>> their password tends to be fixed over time to help all the automation,
>> contrary to normal accounts, which are forced to change their password
>> every x months).
>> >
>> > That's why we thought: why not let every developer build under his
>> own account (but share the WC to speed up things), and avoid this whole
>> issue.
>> >
>> > Johan
>> >
>> > -----Oorspronkelijk bericht-----
>> > Van: Les Mikesell [mailto:lesmikesell_at_gmail.com]
>> > Verzonden: donderdag 30 april 2009 15:43
>> > Aan: Bob Archer
>> > CC: Johan Corveleyn; users_at_subversion.tigris.org; xuer811
>> > Onderwerp: Re: svn????????
>> >
>> > Bob Archer wrote:
>> >>> Hmmm, we were planning to do this in the following scenario:
>> >>> - during normal development, everyone has his own local WC
>> >>> - for building, we use a fixed build machine (*nix machine) with a
>> >>> "shared" WC (we take rotations to perform the build)
>> >>>
>> >>> I guess this sort of WC-sharing should be fine, shouldn't it?
>> >>
>> >> Yes it "should" be ok. However, why not create a build script and
>> automate it. First, this means only the "automation" is using the WC.
>> And second, your devs don't have to do it manually.
>> >>
>> >
>> > Or start with something like hudson and let it run your automation.
>> >
>> > --
>> > Les Mikesell
>> > lesmikesell_at_gmail.com
>> >
>> > ------------------------------------------------------
>> >
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessage
>> Id=1995411
>> >
>> > To unsubscribe from this discussion, e-mail: [users-
>> unsubscribe_at_subversion.tigris.org].
>> >
>>
>>
>>
>> --
>> David Weintraub
>> qazwart_at_gmail.com
>
--
David Weintraub
qazwart_at_gmail.com
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2039645
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-05-03 05:01:33 CEST