Repository collection practices
Josef "Jeff" Sipek
jeffpc at josefsipek.net
Tue Jun 27 01:45:04 UTC 2006
On Mon, Jun 26, 2006 at 12:36:43PM -0700, Bryan O'Sullivan wrote:
> On Mon, 2006-06-26 at 11:38 -0700, Eric Hopper wrote:
>
> > I do not like push over https at all. I understand why the feature has
> > to be there. But I find furthering the proliferation of usernames and
> > passwords to be very disturbing.
>
> If you're using this stuff inside a firewalled network, you can either
> allow anonymous push or configure Apache to use your company's existing
> authentication mechanisms (e.g. LDAP).
Agreed.
> On the broader internet, the alternatives are to force people to use
> ssh, which is a much bigger can of worms (instead of an extra username
> and password, you're giving people full shell access); or not to push at
> all, which is hardly desirable.
Which is why a restricted shells are a Good Thing (tm).
Jeff Sipek.
--
The box said "Windows XP or better required". So I installed Linux.
More information about the Mercurial
mailing list