[MERGE] Allow writable bzr+http://

[John Arbash Meinel]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(this time with a patch)

The attached patch updates the documentation a little bit, and then
allows a flag to allow the WSGI app to expose a bzr+http:// connection
which can be written to.

In the new doc, I mention that we have a small impedance mismatch
between the smart protocol and authentication.

The problem is that we expect authentication to be done at a higher
level, such as by ssh or by Apache. So the smart protocol itself has no
support for Authentication. However, to Apache everything just looks
like a POST, so once you allow writing, you have allowed it to everyone
who has access to .bzr/smart.

The best I could come up with, would be to have 2 urls. Something like:

http://example.com/code/
and
http://example.com/code-rw/

Where you could have /srv/example.com/code-rw just be a symlink to
/srv/example.com/code, but it would give you another Directory entry in
Apache's config so that you could serve it by a slightly different script.

I guess the other possibility would be to have the handler be aware if
the user has been Authenticated. I assume it must be somewhere in the
wsgi environment settings. Then you could have the request handler use a
different smart_server_app which could be read-only or read-write as
directed.

I'll try to look into what that would take, and see if I can add that to
the documentation and examples.

John
=:->

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFgzhXJdeBCYSNAAMRApiAAJ435I2koZQ/Cnr3+VJ8EddQ6HeVPQCdET+k
+xKVSWaVq7gmlUyp5VwU9u8=
=L0YR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bzr_http_writable.patch
Type: text/x-patch
Size: 3151 bytes
Desc: not available
Url : https://lists.ubuntu.com/archives/bazaar/attachments/20061215/13fe5d39/attachment.bin