On 12/29/10 11:03 AM, Philip Prindeville wrote:
>
>> That's unclear, I agree. I've taken it in a slightly different
>> direction, trying to address his concerns.
>
> So my concern is this: I want to be able to easily, clearly, and with high
> confidence set up SVN to *only* work via Apache, and no other way. And I think
> that it's not unreasonable for the admin to be able to tell "svnadmin create"
> which access method he plans on using.
If you don't want people to run svnserve, just remove the binary. If you don't
want file:/// access, don't give anyone access to the filesystem or ssh
connections. It really seems like a waste of time to me to try to control what
a developer with access to both the source code and the filesystem in question
can or can't do. I agree that making it harder to do something stupid is a good
idea, but starting wars between developers and administrators isn't going to be
a good idea unless the only access the machine is over http(s).
> And I can say, as an admin a decade ago, that software that is simple and clear
> to setup and operate is a joy in an otherwise largely thankless job (since
> people only talk to you when things are broken, not when they work correctly).
But even that is a mixed bag. If you have an existing infrastructure for
authentication and/or client ssl certificates you are going to want software
that is versatile enough to use it instead of forcing you to use its own
different mechanisms.
--
Les Mikesell
lesmikesell_at_gmail.com
Received on 2010-12-29 18:32:52 CET