Forum OpenACS Improvement Proposals (TIPs): TIP #56 (Rejected) Add anonymous :ext: access option to OpenACS CVS repository

Request notifications

    TIP: 56
  Title: Add anonymous :ext: access option to OpenACS CVS repository.
Version: 0.1d
Authors: Andrei Popov (ceesaxp::at::mac::dot::com)
  State: Draft
   Type: Process
   Vote: 
Created: Friday, 26 March 2004
-------------------------------------------------------

Abstract

OpenACS CVS server allows for anonymous access using :pserver: access method. A registered (CVS) user can also access the repository using :ext: method. This TIP suggests that anonymous :ext: access should also be granted. This subject has been briefly discussed in the following Forum thread: http://openacs.org/forums/message-view?message_id=161585

Rationale

Since a mega-compromise of GNU servers last year, a number of software projects have switched to disallowing :pserver: access method as being less secure. The most prominent one of such projects is GNU project iteslf (see http://savannah.gnu.org/forum/forum.php?forum_id=2752 for details)

Aside from being more secure, :ext: allows a user behind a filtering HTTP proxy or a firewall to access CVS repository. To do that one has to:

  1. Ensure that connect is available on the system
  2. Configure ~/.ssh/config as instructed above:
    ## Outside of the firewall, with HTTP proxy
    Host *
      ProxyCommand connect -H proxy.local.net:8080 %h %p
    
    ## Inside of the firewall, direct
    Host *.local.net
      ProxyCommand connect %h %p
  3. Set environment variable CVS_RSH:
    export CVS_RSH="ssh"
    or
    setenv CVS_RSH ssh
    if using (t)csh
  4. Connect to a CVS repository using :ext: method, logging in as anonymous:
    cvs -z3 -d:ext:anonymous@openacs.org:/cvsroot co -r openacs-5-0-0-final acs-core

Proposed Modifications

CVS server configuration to be modified along the lines of http://www.neuron.yale.edu/neuron/sshcvs.html to enable anonymous :ext: access.

A small addition: the link to Debian's push-mirros project from Yale site is dead.  Correct one is: http://www.debian.org/mirror/push_mirroring/

I am also trying to find details of Savannah.gnu.org setup, but am assuming that they can share it with OpenACS admins if required.

I don't see why this needs to be a TIP. This is sctrictly a system administration issue, and therefore should be decided by the system administrator, with input from the community.

-Roberto

It was suggested in the RFC thread that this should be TIPed.  Hence the TIP.
Approved.

Fine with me. Who wants to do it?

marking rejected as this did not get two approvals in one week.