On 12/29/10 11:03 AM, Philip Prindeville wrote:
That's unclear, I agree. I've taken it in a slightly different
direction, trying to address his concerns.
So my concern is this: I want to be able to easily, clearly, and with high
confidence set up SVN to *only* work via Apache, and no other way. And I think
that it's not unreasonable for the admin to be able to tell "svnadmin create"
which access method he plans on using.
If you don't want people to run svnserve, just remove the binary. If you don't 
want file:/// access, don't give anyone access to the filesystem or ssh 
connections.  It really seems like a waste of time to me to try to control what 
a developer with access to both the source code and the filesystem in question 
can or can't do.  I agree that making it harder to do something stupid is a good 
idea, but starting wars between developers and administrators isn't going to be 
a good idea unless the only access the machine is over http(s).
And I can say, as an admin a decade ago, that software that is simple and clear
to setup and operate is a joy in an otherwise largely thankless job (since
people only talk to you when things are broken, not when they work correctly).
But even that is a mixed bag.  If you have an existing infrastructure for 
authentication and/or client ssl certificates you are going to want software 
that is versatile enough to use it instead of forcing you to use its own 
different mechanisms.
--
  Les Mikesell
   lesmikes...@gmail.com

Reply via email to