Q: Access Control Options

Alexander Belchenko bialix at ukr.net
Thu Sep 30 12:11:10 BST 2010 

Vincent Ladeuil пишет:
>>>>>> Alexander Belchenko <bialix at ukr.net> writes:
> 
> <snip/>
> 
>     >> I'm assuming that's humor which I am unable to translate.  :)  
> 
>     > That's a sad humor. I'm even not sure it was funny.
> 
> We love you anyway :)

You're just saying that.

>     > I don't have your experience about SVN auth solutions, and
>     > therefore I don't understand why built-in ACL support in the
>     > bzr:// protocol would hurt. I would like to understand all issues
>     > here. But as my naive expectation such thing like built-in ACL
>     > and simple users management will be so easy to use for people so
>     > everybody would love to use only the fastest bzr:// protocol
>     > because it would be so easy to set it up.
> 
> The basic reason is DRY. ACLs and user management are better handled in
> other software (like ssh for exmaple) so it has never been a priority
> for us.

Yes, I understand, but even with plain ssh server it's not easy to setup 
bzr+ssh. And contrib/bzr-access script is not ideal, isn't it?

> Yet, 
> 
>   https://bugs.edge.launchpad.net/bzr/+bug/84660
>   https://bugs.edge.launchpad.net/bzr/+bug/476480
>   https://bugs.edge.launchpad.net/bzr/+bug/126911
> 
> are the related I could find.

Which is a lot bigger than I thought.

>     > For example, there is still no bzr+ssh:// support on Savannah,
>     > only sftp. Why? Maybe because bzr+ssh:// is a bit harder to
>     > setup?
> 
> Nope, the context and the constraints are totally different there.

Sorry for misunderstanding then.

>     > My personal interest in easy and built-in ACLs is to allow even
>     > the smallest company to setup bzr:// server on any spare
>     > computer. In such small companies there is no certified sysadmins
>     > at all, and people maintain their infrastructure themselves. I'm
>     > dreaming about: just install, configure (possible via qt-based
>     > wizard ;) and go!
> 
> Then it seems everybody agree that we should implement a paramiko-based
> shh server that can run with no install hassles (*not* on port 22 so
> that it doesn't have to be a full ssh server only one targeted at
> bzr+ssh and possibly several of them (one by project)).

That's would be cool. But back to bzr-access. Am I understand correctly 
something different will be used instead of the bzr-access?

-- 
All the dude wanted was his rug back

More information about the bazaar mailing list