[Savannah-cvs] [MonoToNe] (edit) clean-up, update (ssh support)
From: Beuc
Subject: [Savannah-cvs] [MonoToNe] (edit) clean-up, update (ssh support)
Date: Sun, 03 Dec 2006 12:14:10 +0000
??changed:
-There was a discussion about supporting montone at Savannah it on the
monotone-devel list (hosted by Savannah :)) last year:
-http://lists.gnu.org/archive/html/monotone-devel/2005-08/msg00072.html
-
-I also just had a discussion at #monotone: they now have 'usher'.
-
-From http://venge.net/monotone/NEWS: "'usher' support: experimental method for
proxying multiple netsync servers through a single port (similar concept to
- vhosts) (Timothy Brownawell <address@hidden>)"
-
-It does a simple forwarding, but does not use different user ids. This is not
good for security because there is no isolation - which means if usher is
cracked into then all the monotone repositories would be impacted.
-
-[With CVS and GNU Arch, our solution is to rely on SSH and Unix privileges.
Plus the Doctor setup as a kind of exception for webpages (security issue is
cracked Apache evedropping, ie password-based auth).]
-
-
-Here's the IRC conversation.
-Since an IRC conversation is not necessarily meant for full public archival,
I'll sum up the channel answers:
-
- * Beuc: Hey. I wonder where I could read more information about usher. I
wonder if each database can be owned by a different group (think suExec) or if
all have to belong to the proxy server :)
-
- * #monotone: each database has to be +rw for whoever's running the usher.
-[33 more lines...]
Monotone now probably can be used for mass hosting:
- ssh support (read/write) - since 0.27/2006-06
- multi-database server (read) - since 0.23/2005-09
http://mtn-host.prjek.net/ demonstrates Monotone hosting and publishes its
source code (project 'webhost')
Technically, usher can be used for write access, but does not support
privileges separation (one uid must have write access to all repos).
References
There was a discussion about supporting montone at Savannah it on the
monotone-devel list (hosted by Savannah :)) last year:
http://lists.gnu.org/archive/html/monotone-devel/2005-08/msg00072.html
Monotone proselitism ;) by Chad Walstrom:
http://lists.gnu.org/mailman/private/gnu-prog-discuss/2006q2/001201.html
(For more general discussion about supporting a new service, check
NewServiceSupport)
Rejected Ideas
- usher + setuid wrapper for 'mtn server': I think the authentication is
performed after 'mtn server' is started
- forward connection to a running server: we can't afford to let 2500 servers
(one per project) always running in the background
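Review bot: the new usher sentence ("does not support privileges separation (one uid must have write access to all repos)") no longer states the consequence that the removed text spelled out, namely that there is no isolation, so if usher is cracked into, all the monotone repositories would be impacted. Keep that one sentence next to the usher line so the reason for rejecting it for write access stays on the page. In Rejected Ideas, the setuid-wrapper entry rests on "I think the authentication is performed after 'mtn server' is started"; confirm this and state it as fact, or mark it as unverified, since the whole rejection depends on when authentication happens relative to the privilege switch.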
--
forwarded from
https://savannah.gnu.org/maintenance/address@hidden://savannah.gnu.org/maintenance