Re: Switching to read-only repository on qa host
On 18/02/11 at 09:11 -0600, Raphael Geissert wrote:
> Raphael Hertzog wrote:
> > On Fri, 18 Feb 2011, Lucas Nussbaum wrote:
> >> On 17/02/11 at 20:01 -0600, Raphael Geissert wrote:
> >> > Unless there's any justified objection, I'm going to switch the qa
> >> > repository checkout on quantz to use https instead of ssh.
> >> > The side effects will be:
> >> > a) no special subversion configuration will be needed for the qa user
> >> > to update the repository, and
> >> > b) it won't be possible to commit changes from within that checkout.
> >> >
> >> > It would be great if the PTS followed the change too, but that's more
> >> > on hands of Raphaël Hertzog and Stefano Zacchiroli. In fact, it would
> >> > be even better if that mantra becomes part of the past.
> >>
> >> Mmmh, I liked the fact that simple changes could be tested and committed
> >> directly on the live instance.
>
> We should better focus on providing a way to test changes without breaking
> or risking the infrastructure. Most, if not all, of the qa webpages can be
> run from a userdir without further changes and it will Just Work.
>
> > I also often commit from the PTS repository on master.
> >
> > What's the rationale for the change?
>
> Because in order to commit changes from qa.d.o one has to do either of
> these:
> a) type the password of the alioth account, which is risky
> b) use an ssh key on a shared host, which again is risky and even more
> because they can't be restricted to, say, only execute svnserve because
> GForge rejects such kind of entries.
I usually do (b) when I need to commit, and I'm still not convinced that
we need to move to another behaviour.
Lucas
Reply to: