OT: Re: [scponly] subversion support
Kaleb Pederson
kpederson at mail.ewu.edu
Fri Apr 8 10:46:36 EDT 2005
On Friday 08 April 2005 1:48 am, Dimitri Papadopoulos-Orfanos wrote:
[snip]
>
> Please don't take this as a critic, you certainly have good reasons to
> use Subversion this way, but it's the first time I hear of such a
> complicated way of using Subversion. The book, the Web site, all of them
> refer to svn+ssh.
The biggest reason by far not to do what you mention is that svn+ssh
permissions granularity is very poor. That is, because it happens at the
filesystem level, I can't control which hierarchies people have access to and
which one's they don't. Using https, I can use the apache path controls with
fine granularity.
Our usage scenario is actually fairly common although there are usually two
differences.
1) In general, most people use the public key mechanism to enforce that
subversion be run with a single command instead of scponly.
2) Most people use a post-commit hook to force the update on the web server
rather than allowing the users to make the change. This however, creates
other problems, as I mentioned.
I suppose that's enough on this topic.... still, I think it's perfectly
reasonable to support both svn and svnserve.
--Kaleb
More information about the scponly
mailing list