Forum OpenACS Improvement Proposals (TIPs): TIP #56 (Rejected) Add anonymous :ext: access option to OpenACS CVS repository

Collapse
1: TIP #56 (Rejected) Add anonymous :ext: access option to OpenACS CVS repository
Posted by Andrei Popov on 03/26/04 01:46 PM 
    TIP: 56
  Title: Add anonymous :ext: access option to OpenACS CVS repository.
Version: 0.1d
Authors: Andrei Popov (ceesaxp::at::mac::dot::com)
  State: Draft
   Type: Process
   Vote: 
Created: Friday, 26 March 2004
-------------------------------------------------------

Abstract

OpenACS CVS server allows for anonymous access using :pserver: access method. A registered (CVS) user can also access the repository using :ext: method. This TIP suggests that anonymous :ext: access should also be granted. This subject has been briefly discussed in the following Forum thread: https://openacs.org/forums/message-view?message_id=161585

Rationale

Since a mega-compromise of GNU servers last year, a number of software projects have switched to disallowing :pserver: access method as being less secure. The most prominent one of such projects is GNU project iteslf (see http://savannah.gnu.org/forum/forum.php?forum_id=2752 for details)

Aside from being more secure, :ext: allows a user behind a filtering HTTP proxy or a firewall to access CVS repository. To do that one has to:

  1. Ensure that connect is available on the system
  2. Configure ~/.ssh/config as instructed above: 
    ## Outside of the firewall, with HTTP proxy
Host *
  ProxyCommand connect -H proxy.local.net:8080 %h %p

## Inside of the firewall, direct
Host *.local.net
  ProxyCommand connect %h %p
  3. Set environment variable CVS_RSH: 
    export CVS_RSH="ssh"
    or 
    setenv CVS_RSH ssh
    if using (t)csh
  4. Connect to a CVS repository using :ext: method, logging in as anonymous: 
    cvs -z3 -d:ext:anonymous@openacs.org:/cvsroot co -r openacs-5-0-0-final acs-core

Proposed Modifications

CVS server configuration to be modified along the lines of http://www.neuron.yale.edu/neuron/sshcvs.html to enable anonymous :ext: access.

Collapse
2: Re: TIP# 56 (Proposed) Add anonymous :ext: access option to OpenACS CVS repository (response to 1)
Posted by Andrei Popov on 03/26/04 02:00 PM
A small addition: the link to Debian's push-mirros project from Yale site is dead.  Correct one is: http://www.debian.org/mirror/push_mirroring/

I am also trying to find details of Savannah.gnu.org setup, but am assuming that they can share it with OpenACS admins if required.

Collapse
3: Re: TIP# 56 (Proposed) Add anonymous :ext: access option to OpenACS CVS repository (response to 1)
Posted by Roberto Mello on 03/26/04 07:57 PM
I don't see why this needs to be a TIP. This is sctrictly a system administration issue, and therefore should be decided by the system administrator, with input from the community.

-Roberto

Collapse
4: Re: TIP# 56 (Proposed) Add anonymous :ext: access option to OpenACS CVS repository (response to 3)
Posted by Andrei Popov on 03/26/04 09:49 PM
It was suggested in the RFC thread that this should be TIPed.  Hence the TIP.
Collapse
5: Re: TIP# 56 (Proposed) Add anonymous :ext: access option to OpenACS CVS repository (response to 1)
Posted by Lars Pind on 04/05/04 03:31 PM
Approved.

Fine with me. Who wants to do it?

Collapse
6: Re: TIP# 56 (Proposed) Add anonymous :ext: access option to OpenACS CVS repository (response to 5)
Posted by Joel Aufrecht on 06/06/04 10:59 AM
marking rejected as this did not get two approvals in one week.