[PD-dev] CVS/SVN @ iem (was Re: [GEM-dev] CVS...)

IOhannes m zmoelnig zmoelnig at iem.at
Thu May 11 09:52:39 CEST 2006 

Jamie Bullock wrote:
> On Wed, 10 May 2006 22:38:35 -0400 (EDT)
> Mathieu Bouchard <matju at artengine.ca> wrote:
> <snip>
>> So I'd hand out a user account to, say, Günther and/or some more people.  
>> How does SVN manage user perms? Or CVS? Is there a way to be safer than
>> :pserver: but without requiring setting up system-wide accounts for all 
>> ~55 developers?

well, afaik there are special shells for restricted use, so accounts are 
allowed to only do certain tasks (like cvs) when they login.
and use rootjails!

this is the main reason why i would favour a subversion system if the 
iem was to host the repository (if we really migrate from sf)


>>
> 
> If you use svnserve, it uses an MD5 based key exchange mechanism, with user credentials stored in a flat text file. You can also use it in tunnel mode, in which case, you authenticate against unix credentials over SSH. The alternative is to use Apache + mod_dav_svn (more flexible), in which case you can use any authentication mechanisms supported by Apaache, LDAP, http basic auth etc.
> 
> I would of thought that the nicest way to do this would be to run an LDAP service and use it to manage svn users/groups as well as Zope users/groups and authentication for the puredata site. Of course, that's significantly more work.
> 

on the long run i think it might well be worth it. especially the 
user-administration would be eased a lot if we could use the existing 
framework. no need to ssh to the server and manually edit flat files, 
the user-managment (setting passwords!) is already handled.

(btw, the user-db of puredata.info is currently not stored in an 
ldap-tree but rather directly in zope/plone; most likely there exists a 
possibility to migrate)


most important (on my side - speaking for the iem) security: i am not 
really willing (and most likely not allowed) to give 54 (and the number 
is growing) people whom i don't know and who are spread all over the 
world so i cannot reach them if i need to login access on a host that is 
within the university's network.


mfg.asd.r
IOhannes

More information about the Pd-dev mailing list