I sent the initial mail to Kevin (I didn't want to bother everybody with administrativia) but I just realized he's going to be out for a couple of days, plus you all have an interest in this as well (sorry, still getting used to the openness strategy here, i'm used to doing things and then telling people they're done...). I think that having a developer's repo on FastXS.net would be good, because we could as them to do the same type of setup as Seul would with ssh, it would be secure communication (passwd encrypted) and sitting on a server that is not going to be a target for attacks on their CVS system (why would anybody want to do that?). The mirror could sit on the Seul system. Please tell me if you think I'm being paranoid or just plane silly :-) People from Seul have responded, and they have two alternatives: --- Msg from Seul We can do this two ways. The first way is to set up developer accounts for each of you who wants to frob the repository. Then you can have remote copies of your repository, and do actions by setting your $CVSROOT to :ext:[EMAIL PROTECTED] This has the advantage that you can use ssh for communication, and it will be totally encrypted/authenticated. The second way is to give you accounts in the pserver system, and then you would use pserver as described in http://www.geda.seul.org/cvs.html The pserver system has kind of a hokey attempt at encryption. Basically, you'd be doing transactions in the clear. But you'd be using different passwords than the ones in /etc/passwd, so the risk is contained. Also, there is a 'guest' read-only account, so people could fetch your repository and play with it without having an account. --- End msg from Seul --- Original msg to Kevin So now we have two places to do CVS. Personally, it really doesn't matter to me where we keep our repository. I do think, however, that having two copies of it on the web may actually be a good idea. We could use one as the 'developers' CVS that all developers check their source into, and have somebody (like me :-) run a nightly job that will update 'the other' repository, which is where we'd be telling people to get the source from. For one thing, we would have a backup, which is always good, and for another since the server where the developers are checking in would be 'secret' (don't need to announce it on the web) it would have a smaller chance of being cracked or have source checked in by somebody who just guessed a password. Doing a mirred repo may have one caviat, which is that we would probably be transferring only the main branch of the development, so if anybody makes some side branches because they're experimenting, that wouldn't get reflected in the other repository. Certainly having two distinct CVS repos to which developers check in wouldn't be a good idea. I think the call should be yours - which repo do you want to go with, and do you want to have a 'mirrored' repo? m --- End original msg to Kevin The computer world is pure code, instructions and information, none of which are capable of discrimination. The computer programmer is the god of a perfectly obedient universe. Like the artist, the canvas of his creation is as expressive or inexpressive of his will and intention as he has made it to be. Liraz Siri, Internet Auditing Project
