Le Mardi 13 Juin 2006 07:04, Mark Constable a écrit : > But, perhaps, the freedom to experiment, and not being restricted > by the current codebase direction, can lead to invigorating ideas.
Indeed. > > But the thing is not simply that PHP is a pain in the ass, the fact is > > Savane requires a real system, not a ftp account, to work properly for > > usages like providing CVS, download area, etc, because the point is to > > provide developer-level tools based on SSH. And if you can have SSH, you > > definitely can have perl. > > That also leads to potentially very nasty security issues which then > have to be coded around. My approach would be to offer whatever was > needed to be done via ssh via a web interface instead... if possible. > > In my case, if I were to seriously deploy, I would HAVE to disable > all ssh access because my systems simply do not, and never will, > have normal shell accounts available. I would provide the minimum > functionality via ssh using authorized_keys commands... > > command="sudo /usr/local/bin/update_svn",no-port-forwarding ssh-dss etc If you provide something with ssh using authorized_keys commands, you actually do enable ssh access. It is less secure to have SSH than nothing at all, I concur with that. But as soon as you need to provide any kind of real access to a program that is installed on your server, SSH is probably the more secure thing. > That is mostly the case. It's the web interface I am mainly interested > in... along with svn and mailing-list management. If you can have svn on a server, you definitely can have perl on it. > I say "stiff" in the sense that Savane works fine for > exactly what it's meant for and as long as it's installed under > fairly restrictive conditions (which is all that is demanded of it) > but it doesn't lend itself to being used outside of it's scope. For instance? > FWIW I have now had more time to look at the Savane codebase and it > is indeed HUGE. I could well imagine it could take me a year to reach > the goals I envisage. I might be better off starting with websvn and > building up a project than restructuring Savane for my needs. It is unclear to me what was actually your needs. But good luck in your plans anyway :) Regards, -- Mathieu Roy +---------------------------------------------------------------------+ | General Homepage: http://yeupou.coleumes.org/ | | Computing Homepage: http://alberich.coleumes.org/ | | Not a native english speaker: | | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english | +---------------------------------------------------------------------+ _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
