We should probably use apache. Then we can control access to the repository without giving shell accounts to all the committers.