On Thu, Nov 04, 2004 at 11:11:06PM -0600, Bob Tanner wrote:

> I'm thinking regardless of the revision control system we use, we will 
> eventually have to deal with tracking user authentication info for write 
> access.

This is inevitable.  It would be convenient if you could delegate the
ability to add/remove module write access to the module owners.

Secure anonymous read-only pserver access is possible using a jail or
UML with a read-only copy of the repository.  Personally, I think it's
unnecessary and can be replaced with viewcvs + daily create-on-change
tarballs and diffs.

> I'd still like to champion arch for the pgp-signed per-commit security, as 
> well as the over all signature of the repository, in addition to a secure 
> access protocol (sftp, ssh, scp).

I agree that secure access should be a must.  I like the idea of PGP
based commits but do not find it necessary for netrek development.  If
we are to use it, then it should be transparent.  If PGP limits the
accessibility of the repository to UNIX-type operating systems, then I'd
disfavor it compared to CVS/SV over SSH which is universally available.

vanilla-devel mailing list
vanilla-devel at us.netrek.org