Petr Baudis wrote:
>On Thu, Aug 14, 2008 at 12:48:05AM -0700, David Brown wrote:
>> The problem is that ssh ties you in very closely with the ability to
>> log into the machine. It's also hard to limit what ssh allows while
>> still allowing some users more priveleges.
>Can you elaborate, in light of git-shell and Gitosis? What's the
>problem?
Well, I looked into gitosis, and it solves part of the problem, it has a
few downsides though:
- It depends on Python for no particular reason (it might as well have
been built using shellscripts only, or if need be Perl, since git
already uses that); yet any extra dependency is creating an extra
hurdle for portability and adoption.
- It does authentication magic without properly documenting why it does
it properly.
- It explicitly warns that it needs PATH and PYTHON_PATH magic and that
using it without setting those up has not been tested; this does not
inspire confidence that the security of the solution is airtight.
Other than that, gitosis looks fairly good if you want to use public
keys.
--
Sincerely,
Stephen R. van den Berg.
"Hold still, while I inject you with SQL."
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
