Subrepos and HTTPS

Ken Watford kwatford+hg at gmail.com
Mon Jul 12 15:56:22 UTC 2010


My group uses hgwebdir to publish repositories over HTTPS. For various
(legal) reasons, we limit not only POST but also GET requests to
require an authorized user. As a result, any attempt to pull results
in an auth challenge.

So, if we publish a repository containing several subrepos, there will
be a challenge for each and every one of them any time the user
attempts to pull. That's not good.

Sure, I could ask each user to store his password in cleartext in his
global .hgrc, but that seems suboptimal.

When the user browses our site, he gets the challenge just once per
server/realm. The browser caches the credentials. So why not do the
same in Mercurial? If multiple repositories must be queried from the
same server and the realm matches, I'd like it to ask for credentials
just once.

Whether or not that gets implemented, I still have to deal with it
soonish, so does anyone have any other ideas about this? Difficulty:
several of our users are semi-non-technical (or at least, not
interested in learning the details of using ssh keys or client
certificates or other things not pertaining to getting their work).
Subrepos might be too much for them as it is.



More information about the Mercurial mailing list