From: Petr Baudis
Subject: Re: [RFC] Adding a challenge-response authentication method to git://
Date: Thu, 14 Aug 2008 13:39:01 +0200
To: "Stephen R. van den Berg"
Cc: David Brown, git

On Thu, Aug 14, 2008 at 01:07:39PM +0200, Stephen R. van den Berg wrote:
> Well, I looked into gitosis, and it solves part of the problem, it has a
> few downsides though:
>
> - It depends on Python for no particular reason (it might as well have
>   been built using shellscripts only, or if need be Perl, since git
>   already uses that); yet any extra dependency is creating an extra
>   hurdle for portability and adoption.

Is this concern really any kind of practical one? To me it appears that
Python and Perl are both so extremely widespread that this might be an
issue only on embedded systems, exotic systems with very low proportion
of git users, and users with strong ideological opinions about the
system (probably low proportion of git users too).

> - It does authentication magic without properly documenting why it does
>   it properly.
> - It explicitly warns that it needs PATH and PYTHON_PATH magic and that
>   using it without setting those up has not been tested; this does not
>   inspire confidence that the security of the solution is airtight.
>
> Other than that, gitosis looks fairly good if you want to use public
> keys.

This doesn't seem to be a convincing reason for _reimplementing_ the
solution. (Of course, I don't prevent you from doing that, I'm just
wondering about the feasibility.)

-- 
Petr "Pasky" Baudis
The next generation of interesting software will be done
on the Macintosh, not the IBM PC. -- Bill Gates