[Savannah-cvs] [MonoToNe] (edit) clean-up, update (ssh support)


From: Beuc
Subject: [Savannah-cvs] [MonoToNe] (edit) clean-up, update (ssh support)
Date: Sun, 03 Dec 2006 12:14:10 +0000

??changed:
-There was a discussion about supporting montone at Savannah it on the 
monotone-devel list (hosted by Savannah :)) last year:
-http://lists.gnu.org/archive/html/monotone-devel/2005-08/msg00072.html
-
-I also just had a discussion at #monotone: they now have 'usher'.
-
-From http://venge.net/monotone/NEWS: "'usher' support: experimental method for 
proxying multiple netsync servers through a single port (similar concept to
- vhosts) (Timothy Brownawell <address@hidden>)"
-
-It  does a simple forwarding, but does not use different user ids. This is not 
good for security because there is no isolation - which means if usher is 
cracked into then all the monotone repositories would be impacted.
-
-[With CVS and GNU Arch, our solution is to rely on SSH and Unix privileges. 
Plus the Doctor setup as a kind of exception for webpages (security issue is 
cracked Apache evedropping, ie password-based auth).]
-
-
-Here's the IRC conversation.
-Since an IRC conversation is not necessarily meant for full public archival, 
I'll sum up the channel answers:
-
- * Beuc: Hey. I wonder where I could read more information about usher. I 
wonder if each database can be owned by a different group (think suExec) or if 
all have to belong to the proxy server :)
-
- * #monotone: each database has to be +rw for whoever's running the usher.
-[33 more lines...]
Monotone now probably can be used for mass hosting:

 - ssh support (read/write) - since 0.27/2006-06

 - multi-database server (read) - since 0.23/2005-09

http://mtn-host.prjek.net/ demonstrates Monotone hosting and publishes its 
source code (project 'webhost')

Technically, usher can be used for write access, but does not support 
privileges separation (one uid must have write access to all repos).

References

 There was a discussion about supporting montone at Savannah it on the 
monotone-devel list (hosted by Savannah :)) last year:
 http://lists.gnu.org/archive/html/monotone-devel/2005-08/msg00072.html

 Monotone proselitism ;) by Chad Walstrom: 
http://lists.gnu.org/mailman/private/gnu-prog-discuss/2006q2/001201.html

 (For more general discussion about supporting a new service, check 
NewServiceSupport)

Rejected Ideas

 - usher + setuid wrapper for 'mtn server': I think the authentication is 
performed after 'mtn server' is started

 - forward connection to a running server: we can't afford to let 2500 servers 
(one per project) always running in the background
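
Review bot: The new usher sentence ("does not support privileges separation (one uid must have write access to all repos)") drops the consequence that the removed paragraph spelled out, namely that without isolation a compromise of usher would impact all the monotone repositories. Consider keeping one sentence with that reasoning next to the usher line so readers see why the limitation matters for mass hosting. In "Rejected Ideas", the setuid-wrapper entry rests on "I think the authentication is performed after 'mtn server' is started"; it would help to confirm that ordering or link a source before recording the idea as rejected. Wording in the retained text could also be fixed while editing: "montone at Savannah it on the" should read "monotone at Savannah on the", "proselitism" should be "proselytism", and "privileges separation" should be "privilege separation".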


--
forwarded from 
https://savannah.gnu.org/maintenance/address@hidden://savannah.gnu.org/maintenance



