[NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Ian Lance Taylor]

[-- Attachment #1: Type: text/plain, Size: 121 bytes --]

Redirecting to overseers in case anybody wants to take this on.  I
personally have no idea what would be required.

Ian


[-- Attachment #2: Type: message/rfc822, Size: 3034 bytes --]

From: NightStrike <nightstrike@gmail.com>
To: gcc-help@gcc.gnu.org
Subject: SVN access over https (SSL)
Date: Thu, 27 Sep 2007 17:24:02 -0400
Message-ID: <b609cb3b0709271424t7e606aebrdd4af5683f28d52a@mail.gmail.com>

Currently, gcc provides access to the svn repository using the svn
protocol (svn://) as well as the http protocol (http://).  Some
sourceforge projects (not saying gcc is on sourceforge.. just citing
examples) also allow secure access via https.  This has the nice side
effect of making svn work through annoying proxies.

Can gcc add support for https access as well as the current two methods?

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Daniel Berlin]

We'd need to generate random passwords for users, since we won't be
able to authenticate them by ssh.
Not really worth it, especially since this guy doesn't even have write access.



On 28 Sep 2007 17:35:47 -0700, Ian Lance Taylor <iant@google.com> wrote:
> Redirecting to overseers in case anybody wants to take this on.  I
> personally have no idea what would be required.
>
> Ian
>
>
>
> ---------- Forwarded message ----------
> From: NightStrike <nightstrike@gmail.com>
> To: gcc-help@gcc.gnu.org
> Date: Thu, 27 Sep 2007 17:24:02 -0400
> Subject: SVN access over https (SSL)
> Currently, gcc provides access to the svn repository using the svn
> protocol (svn://) as well as the http protocol (http://).  Some
> sourceforge projects (not saying gcc is on sourceforge.. just citing
> examples) also allow secure access via https.  This has the nice side
> effect of making svn work through annoying proxies.
>
> Can gcc add support for https access as well as the current two methods?
>
>
>
>

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Ian Lance Taylor]

"Daniel Berlin" <dberlin@dberlin.org> writes:

> We'd need to generate random passwords for users, since we won't be
> able to authenticate them by ssh.
> Not really worth it, especially since this guy doesn't even have write access.

This would presumably only be for read-only anonymous access to the
sources.  I certainly agree that we shouldn't do it for write access.
Note the cited advantage of working through proxies.

Ian

> On 28 Sep 2007 17:35:47 -0700, Ian Lance Taylor <iant@google.com> wrote:
> > Redirecting to overseers in case anybody wants to take this on.  I
> > personally have no idea what would be required.
> >
> > Ian
> >
> >
> >
> > ---------- Forwarded message ----------
> > From: NightStrike <nightstrike@gmail.com>
> > To: gcc-help@gcc.gnu.org
> > Date: Thu, 27 Sep 2007 17:24:02 -0400
> > Subject: SVN access over https (SSL)
> > Currently, gcc provides access to the svn repository using the svn
> > protocol (svn://) as well as the http protocol (http://).  Some
> > sourceforge projects (not saying gcc is on sourceforge.. just citing
> > examples) also allow secure access via https.  This has the nice side
> > effect of making svn work through annoying proxies.
> >
> > Can gcc add support for https access as well as the current two methods?

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Daniel Berlin]

Most people who proxy https proxy http as well.


On 28 Sep 2007 18:27:23 -0700, Ian Lance Taylor <iant@google.com> wrote:
> "Daniel Berlin" <dberlin@dberlin.org> writes:
>
> > We'd need to generate random passwords for users, since we won't be
> > able to authenticate them by ssh.
> > Not really worth it, especially since this guy doesn't even have write access.
>
> This would presumably only be for read-only anonymous access to the
> sources.  I certainly agree that we shouldn't do it for write access.
> Note the cited advantage of working through proxies.
>
> Ian
>
> > On 28 Sep 2007 17:35:47 -0700, Ian Lance Taylor <iant@google.com> wrote:
> > > Redirecting to overseers in case anybody wants to take this on.  I
> > > personally have no idea what would be required.
> > >
> > > Ian
> > >
> > >
> > >
> > > ---------- Forwarded message ----------
> > > From: NightStrike <nightstrike@gmail.com>
> > > To: gcc-help@gcc.gnu.org
> > > Date: Thu, 27 Sep 2007 17:24:02 -0400
> > > Subject: SVN access over https (SSL)
> > > Currently, gcc provides access to the svn repository using the svn
> > > protocol (svn://) as well as the http protocol (http://).  Some
> > > sourceforge projects (not saying gcc is on sourceforge.. just citing
> > > examples) also allow secure access via https.  This has the nice side
> > > effect of making svn work through annoying proxies.
> > >
> > > Can gcc add support for https access as well as the current two methods?
>

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[NightStrike]

On 9/28/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> Most people who proxy https proxy http as well.

proxy https is much more compatible with picky proxies than http when
dealing with svn.


> On 28 Sep 2007 18:27:23 -0700, Ian Lance Taylor <iant@google.com> wrote:
> > "Daniel Berlin" <dberlin@dberlin.org> writes:
> >
> > > We'd need to generate random passwords for users, since we won't be
> > > able to authenticate them by ssh.
> > > Not really worth it, especially since this guy doesn't even have write access.

> > This would presumably only be for read-only anonymous access to the
> > sources.  I certainly agree that we shouldn't do it for write access.
> > Note the cited advantage of working through proxies.
> >
> > Ian

Precisely.  Anonymous read access only, just like sourceforge is set up.

> > > > ---------- Forwarded message ----------
> > > > From: NightStrike <nightstrike@gmail.com>
> > > > To: gcc-help@gcc.gnu.org
> > > > Date: Thu, 27 Sep 2007 17:24:02 -0400
> > > > Subject: SVN access over https (SSL)
> > > > Currently, gcc provides access to the svn repository using the svn
> > > > protocol (svn://) as well as the http protocol (http://).  Some
> > > > sourceforge projects (not saying gcc is on sourceforge.. just citing
> > > > examples) also allow secure access via https.  This has the nice side
> > > > effect of making svn work through annoying proxies.
> > > >
> > > > Can gcc add support for https access as well as the current two methods?
> >
>

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Daniel Berlin]

On 9/29/07, NightStrike <nightstrike@gmail.com> wrote:
> On 9/28/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> > Most people who proxy https proxy http as well.
>
> proxy https is much more compatible with picky proxies than http when
> dealing with svn.
>

Being an svn developer who has had to debug proxy problems, i'd
actually say exactly the exact opposite.
Most HTTPS proxies fuck it up more often than HTTP proxies.

In any case, if someone wants to buy a cert for gcc.gnu.org, i'll set
up https read-only access.
But honestly, I have real trouble seeing that it is truly that useful
when we have http access.

--Dan

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Daniel Berlin]

On 9/29/07, NightStrike <nightstrike@gmail.com> wrote:
> On 9/29/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> > On 9/29/07, NightStrike <nightstrike@gmail.com> wrote:
> > > On 9/28/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> > > > Most people who proxy https proxy http as well.
> > >
> > > proxy https is much more compatible with picky proxies than http when
> > > dealing with svn.
> > >
> >
> > Being an svn developer who has had to debug proxy problems, i'd
> > actually say exactly the exact opposite.
> > Most HTTPS proxies fuck it up more often than HTTP proxies.
> >
> > In any case, if someone wants to buy a cert for gcc.gnu.org, i'll set
> > up https read-only access.
> > But honestly, I have real trouble seeing that it is truly that useful
> > when we have http access.
>
> How much does it cost?  Also, does gnu.org itself not have one?  You
> could also just make one yourself and make gnu.org be the CA :)
>

probably $100 a year.

If we made one ourselves, we'd have to deal with all the questions
about accepting the cert, since the CA would not be in anyone's
trusted roots.

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[NightStrike]

On 9/29/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> On 9/29/07, NightStrike <nightstrike@gmail.com> wrote:
> > On 9/29/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> > > In any case, if someone wants to buy a cert for gcc.gnu.org, i'll set
> > > up https read-only access.
> > > But honestly, I have real trouble seeing that it is truly that useful
> > > when we have http access.
> >
> > How much does it cost?  Also, does gnu.org itself not have one?  You
> > could also just make one yourself and make gnu.org be the CA :)
> >
>
> probably $100 a year.
>
> If we made one ourselves, we'd have to deal with all the questions
> about accepting the cert, since the CA would not be in anyone's
> trusted roots.

Ah, I thought it was a one-time thing.  Does gnu.org not already have
one?  If it let me actually use svn through the ultra-lame proxy at my
workplace, I'd consider paying for it.

Re: [NightStrike <nightstrike@gmail.com>] SVN access over https (SSL)

[Daniel Berlin]

On 9/29/07, NightStrike <nightstrike@gmail.com> wrote:
> On 9/29/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> > On 9/29/07, NightStrike <nightstrike@gmail.com> wrote:
> > > On 9/29/07, Daniel Berlin <dberlin@dberlin.org> wrote:
> > > > In any case, if someone wants to buy a cert for gcc.gnu.org, i'll set
> > > > up https read-only access.
> > > > But honestly, I have real trouble seeing that it is truly that useful
> > > > when we have http access.
> > >
> > > How much does it cost?  Also, does gnu.org itself not have one?  You
> > > could also just make one yourself and make gnu.org be the CA :)
> > >
> >
> > probably $100 a year.
> >
> > If we made one ourselves, we'd have to deal with all the questions
> > about accepting the cert, since the CA would not be in anyone's
> > trusted roots.
>
> Ah, I thought it was a one-time thing.  Does gnu.org not already have
> one?

Dunno if the have a wildcard cert (IE *.gnu.org)

Anyone else know?

 >If it let me actually use svn through the ultra-lame proxy at my
> workplace, I'd consider paying for it.