[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Debian-sf-devel] HTML through CVS and remove login?

From: Soon-Son Kwon
Subject: Re: [Debian-sf-devel] HTML through CVS and remove login?
Date: Sun, 19 May 2002 10:21:08 +0900
User-agent: Mutt/1.2.5i

On Fri, May 17, 2002 at 11:25:36AM +0200, Christian BAYLE wrote:
> Soon-Son Kwon wrote:
> > 
> > Hello...
> > 
> > Since Rolando is working on splitting packages,
> > thinking of some pending issues with a different view
> > would not be a bad idea... :-)
> > 
> > Seeing the TODO.Debian file, we need to decide how to deal with
> > the chroot stuff which is not done yet. A patch for chroot
> > was submitted already but it was postponed due to a conflict with
> > debian policy.
> >
> There is an other problem,  I don't know how to solve:
> I added a non policy compliant symlink on /cvsroot
> that can be solve chrooting ssh but that causes others problems, 
> like enabling the send of mail from the chroot.
> On the over hand chrooting ssh make that it can't be used to do normal
> ssh,
> though there is maybe a solution in chrooting only ldap declared users
> with some tricky stuffs in /etc/profile.
> I think the ideal situation would be the follwing possible choices:
> -Put the cvsroot wherever you want
> -Chroot or not the ssh
> but this means to dig in the code to find all hardcoded path, and have
> this as 
> parameters, what can be a big task.
> Creating a symlink is a not so bad solution, except we should say to the
> user
> we don't respect policy. seems like a tough problem...
Personally I don't think the policy is more important than
solving the actual problem & the security but it is needless to say
that solving both would be the best situation...
But if we can bypass both by providing html via CVS tree,
then we will not have to worry about that...

> > But considering the need for chroot, if we do not let user login to
> > the server via ssh (current debian-sf supports it), we won't have to
> > worry about that.
> > 
> > Then, why the user need to login to the server?
> > As far as I know, it is for administrating the project homepage only.
> > Uploading file package can be done via web browser, proftpd can do
> > chroot itself. (I may be wrong...if so, please let me know.)
> > 
> > Hence if debian-sf provides a way to administrate the homepage via
> > CVS like savannah, we won't have to worry about chroot and the server
> > will be more secure than now.
> > 
> > In my opinion, if debian-sf does not have plan to provide "compile farm"
> > which has, we dont't have to support the login facility via ssh.
> > 
> > What do you think?
> > 
> I completly agree, there is "only" somme tricky stuffs to write in some
> cvs file 
> at cvs creation.
> We could choose the convention that a web module is automagically
> created
> and that anny commit in this place autoupdate the web pages, like on
> savannah.
> That should maybe be an option, of project creation.

I think providing a simple html skeleton via CVS would be
an effective starting point for all projects. I've seen many
developers who does not want to spend much time with HTML stuff.
For them, having to code project homepage can be a kind of nuisance...
For other people who enjoys coding HTML, they can just commit
more pages/images through CVS.

> Savannah choosed to create 2 separate CVS, I don't know if this is not a
> too
> complex solution or if we should do the same, though I didn't understand
> what they did exactly.
> It would be a good Idea to discuss with loic on this point, if one day 
> savannh want's to go debian-sf...

Is there any plan for savannah to upgrade to debian-sf?
If so, it will be a very good news. :-)
Anyway, talking about this with him will be helpful to both.

> > p.s. Please send me some screenshots for working debian-sf website
> > so that I can upload it to the debian-sf homepage.
> The only offcial external site I know is yours, Maybe just snap it :)

My site is not official either...but I'd snap it for now... :-)
           (o_             **WTFM**
(o_  (o_   //\
(/)_ (/)_  V_/_

reply via email to

[Prev in Thread] Current Thread [Next in Thread]