Repository collection practices

Thomas Arendsen Hein thomas at intevation.de
Fri Jun 30 04:31:39 CDT 2006


* Bryan O'Sullivan <bos at serpentine.com> [20060626 21:38]:
> On Mon, 2006-06-26 at 11:38 -0700, Eric Hopper wrote:
> > I do not like push over https at all.  I understand why the feature has
> > to be there.  But I find furthering the proliferation of usernames and
> > passwords to be very disturbing.
> 
> If you're using this stuff inside a firewalled network, you can either
> allow anonymous push or configure Apache to use your company's existing
> authentication mechanisms (e.g. LDAP).

Yes, that's a big plus, because Mercurial doesn't need to know about
e.g. LDAP then and can still use it.

> On the broader internet, the alternatives are to force people to use
> ssh, which is a much bigger can of worms (instead of an extra username
> and password, you're giving people full shell access); or not to push at
> all, which is hardly desirable.

That's why there is contrib/hg-ssh and friends.

Thomas

-- 
Email: thomas at intevation.de
http://intevation.de/~thomas/


More information about the Mercurial mailing list