Repository collection practices
Thomas Arendsen Hein
thomas at intevation.de
Fri Jun 30 04:31:39 CDT 2006
* Bryan O'Sullivan <bos at serpentine.com> [20060626 21:38]:
> On Mon, 2006-06-26 at 11:38 -0700, Eric Hopper wrote:
> > I do not like push over https at all. I understand why the feature has
> > to be there. But I find furthering the proliferation of usernames and
> > passwords to be very disturbing.
>
> If you're using this stuff inside a firewalled network, you can either
> allow anonymous push or configure Apache to use your company's existing
> authentication mechanisms (e.g. LDAP).
Yes, that's a big plus, because Mercurial doesn't need to know about
e.g. LDAP then and can still use it.
> On the broader internet, the alternatives are to force people to use
> ssh, which is a much bigger can of worms (instead of an extra username
> and password, you're giving people full shell access); or not to push at
> all, which is hardly desirable.
That's why there is contrib/hg-ssh and friends.
Thomas
--
Email: thomas at intevation.de
http://intevation.de/~thomas/
More information about the Mercurial
mailing list