Re: Switching to read-only repository on qa host
Raphael Hertzog wrote:
> On Fri, 18 Feb 2011, Lucas Nussbaum wrote:
>> On 17/02/11 at 20:01 -0600, Raphael Geissert wrote:
>> > Unless there's any justified objection, I'm going to switch the qa
>> > repository checkout on quantz to use https instead of ssh.
>> > The side effects will be:
>> > a) no special subversion configuration will be needed for the qa user
>> > to update the repository, and
>> > b) it won't be possible to commit changes from within that checkout.
>> >
>> > It would be great if the PTS followed the change too, but that's more
>> > on hands of Raphaël Hertzog and Stefano Zacchiroli. In fact, it would
>> > be even better if that mantra becomes part of the past.
>>
>> Mmmh, I liked the fact that simple changes could be tested and committed
>> directly on the live instance.
We should better focus on providing a way to test changes without breaking
or risking the infrastructure. Most, if not all, of the qa webpages can be
run from a userdir without further changes and it will Just Work.
> I also often commit from the PTS repository on master.
>
> What's the rationale for the change?
Because in order to commit changes from qa.d.o one has to do either of
these:
a) type the password of the alioth account, which is risky
b) use an ssh key on a shared host, which again is risky and even more
because they can't be restricted to, say, only execute svnserve because
GForge rejects such kind of entries.
Switching to git could also be considered. That way people can commit and
pull changes from a repo on their $HOME on quantz (or master), test, etc,
and later push them to the alioth repo.
The idea is to stop doing risky things; especially since alioth is already
very fragile (IMHO).
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
Reply to: