[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: svn Farm

From: Nico Kadel-Garcia <nkadel_at_gmail.com>
Date: Sun, 10 Oct 2010 16:12:04 -0400

On Sat, Oct 9, 2010 at 2:05 PM, Les Mikesell <lesmikesell_at_gmail.com> wrote:
> On 10/9/10 12:51 PM, Nico Kadel-Garcia wrote:

>> Yeah, both Subversion and SSH share the flaw of *ALLOWING* such
>> unprotected keys to be stored locally, with no special command line
>> arguments or special settings, and impossible to compile out of the
>> clients with the current source trees.
>
> If they didn't, it would be impossible to do automated commands.  There are
> times when you have to choose between trusting the OS to protect your files
> (which is, after all, one of its jobs) or not being able to do what you
> want.

This is incorrect. There are at least 5 tools in common use to support
unlocking SSH keys and making them available for other programs to
use, all based on the "ssh-agent" built-in technology of all vaguely
complete SSH software packages. The include:

* Pageant, built into the Putty installer, for Windows users.
* gnome-keyring, already mentioned in this thread and aimed at X
sessions, possible to use for command line sessions with considerable
work.
* kde-wallet, similar to gnome-keyring
* keychain, a popular and lightweight Perl script for just this use.
* Typing "eval ssh-agent" and "ssh-add [name of your SSH private key"
from the command line in the window or session you will run Subversion
from.

It's a pain in the backside, but it's fairly common practice. It
wouldn't be so necessary if Subversion didn't rely on central
repository access for committing any changes. but that's pretty core
to the way CVS and and now Subversion work, and I don't see that going
away.
Received on 2010-10-10 22:12:42 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.