I theory Subversion should allow you to be more secure. CVS has a very limited concept of security and for the most part you need to rely on SSH. Subversion makes use of Apache as one of its server options. Any authentication method you can use in Apache 2 you can use for Subversion. Once Apache does the authentication, Subversion allows fairly fine grained access control. SSL can be used for encrypting communication.
Note that there are sites like Sourceforge that do provide Subversion hosting to open source projects. I don't know enough about them to be able to recommend any.
On Thu, Jul 28, 2005 at 01:20:14PM -0700, Guido van Rossum wrote:
On 7/28/05, "Martin v. L?wis" email@example.com wrote:
I'd like to see the Python source be stored in Subversion instead of CVS, and on python.org instead of sf.net. To facilitate discussion, I have drafted a PEP describing the rationale for doing so, and the technical procedure to be performed.
In principle I'm +1 on this (both aspects). I don't know enough to understand all the subtleties.
I hope we're correctly estimating the effort required to manage the server and the users. Managing users is especially important -- if a user is compromised (as has happened in the past for python.org users) the whole repository is compromised. Now this could happen to SF users too, but I'm not sure that we know all the tricks in the book to prevent attacks; SF has been doing this for years and that's an aspect of SF that I trust (I think I've heard that they have even modified their SSH server to be stricter).
-- --Guido van Rossum (home page: http://www.python.org/~guido/) _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/lambacck%40computer.org