From: Petr Baudis <pasky@suse.cz>
To: "Stephen R. van den Berg" <srb@cuci.nl>
Cc: David Brown <git@davidb.org>, git <git@vger.kernel.org>
Subject: Re: [RFC] Adding a challenge-response authentication method to git://
Date: Thu, 14 Aug 2008 13:39:01 +0200 [thread overview]
Message-ID: <20080814113901.GR10151@machine.or.cz> (raw)
In-Reply-To: <20080814110739.GI9680@cuci.nl>
On Thu, Aug 14, 2008 at 01:07:39PM +0200, Stephen R. van den Berg wrote:
> Well, I looked into gitosis, and it solves part of the problem, it has a
> few downsides though:
>
> - It depends on Python for no particular reason (it might as well have
> been built using shellscripts only, or if need be Perl, since git
> already uses that); yet any extra dependency is creating an extra
> hurdle for portability and adoption.
Is this concern really any kind of practical one? To me it appears that
Python and Perl are both so extremely wide-spread that this might be
issue only on embedded systems, exotic systems with very low proportion
of git users, and users with strong ideological opinions about the
system (probably low proportion of git users too).
> - It does authentication magic without properly documenting why it does
> it properly.
> - It explicitly warns that it needs PATH and PYTHON_PATH magic and that
> using it without setting those up has not been tested; this does not
> inspire confidence that the security of the solution is airtight.
>
> Other than that, gitosis looks fairly good if you want to use public
> keys.
This doesn't seem to be convincing reason for _reimplementing_ the
solution. (Of course, I don't prevent you from doing that, I'm just
wondering about the feasibility.)
--
Petr "Pasky" Baudis
The next generation of interesting software will be done
on the Macintosh, not the IBM PC. -- Bill Gates
next prev parent reply other threads:[~2008-08-14 11:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-13 16:26 [RFC] Adding a challenge-response authentication method to git:// Stephen R. van den Berg
2008-08-13 16:36 ` Petr Baudis
2008-08-14 7:48 ` David Brown
2008-08-14 8:23 ` Petr Baudis
2008-08-14 11:07 ` Stephen R. van den Berg
2008-08-14 11:39 ` Petr Baudis [this message]
2008-08-14 12:14 ` Stephen R. van den Berg
2008-08-13 16:40 ` Shawn O. Pearce
2008-08-13 17:37 ` Stephen R. van den Berg
2008-08-13 18:08 ` Shawn O. Pearce
2008-08-14 0:10 ` Stephen R. van den Berg
2008-08-14 0:57 ` Shawn O. Pearce
2008-08-14 7:13 ` Stephen R. van den Berg
2008-08-14 9:15 ` Andreas Ericsson
2008-08-14 9:51 ` Stephen R. van den Berg
2008-08-14 17:24 ` david
2008-08-14 17:18 ` david
2008-08-14 21:00 ` Shawn O. Pearce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080814113901.GR10151@machine.or.cz \
--to=pasky@suse.cz \
--cc=git@davidb.org \
--cc=git@vger.kernel.org \
--cc=srb@cuci.nl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).