Forum OpenACS Improvement Proposals (TIPs): TIP #56 (Rejected) Add anonymous :ext: access option to OpenACS CVS repository
TIP: 56 Title: Add anonymous :ext: access option to OpenACS CVS repository. Version: 0.1d Authors: Andrei Popov (ceesaxp::at::mac::dot::com) State: Draft Type: Process Vote: Created: Friday, 26 March 2004 -------------------------------------------------------
OpenACS CVS server allows for anonymous access using :pserver: access method. A registered (CVS) user can also access the repository using :ext: method. This TIP suggests that anonymous :ext: access should also be granted. This subject has been briefly discussed in the following Forum thread: http://openacs.org/forums/message-view?message_id=161585
Since a mega-compromise of GNU servers last year, a number of software projects have switched to disallowing :pserver: access method as being less secure. The most prominent one of such projects is GNU project iteslf (see http://savannah.gnu.org/forum/forum.php?forum_id=2752 for details)
Aside from being more secure, :ext: allows a user behind a filtering HTTP proxy or a firewall to access CVS repository. To do that one has to:
- Ensure that connect is available on the system
- Configure ~/.ssh/config as instructed above:
## Outside of the firewall, with HTTP proxy Host * ProxyCommand connect -H proxy.local.net:8080 %h %p ## Inside of the firewall, direct Host *.local.net ProxyCommand connect %h %p
- Set environment variable CVS_RSH:
setenv CVS_RSH sshif using (t)csh
- Connect to a CVS repository using :ext: method, logging in as anonymous:
cvs -z3 -d:ext:firstname.lastname@example.org:/cvsroot co -r openacs-5-0-0-final acs-core
CVS server configuration to be modified along the lines of http://www.neuron.yale.edu/neuron/sshcvs.html to enable anonymous :ext: access.
I am also trying to find details of Savannah.gnu.org setup, but am assuming that they can share it with OpenACS admins if required.
Fine with me. Who wants to do it?