monotone-devel

Re: [Monotone-devel] merging in "serve raw 'automate stdio' over network"


From: Timothy Brownawell
Subject: Re: [Monotone-devel] merging in "serve raw 'automate stdio' over network"
Date: Sun, 18 Jan 2009 00:17:02 +0000

On Sat, 2009-01-17 at 20:46 +0000, Timothy Brownawell wrote:
> Branch net.venge.monotone.tbrownaw.serve_automate adds a --bind-automate
> option to 'mtn serve', to allow serving raw automate stdio over the
> network. This doesn't have any authentication, so it's only safe for
> private interfaces (127.x.x.x).
> 
> This allows for concurrent netsync and "automate stdio" access to a db.
> 
> Does anyone object to merging this? (Maybe someone wants to add
> authentication and a command to act as a front-end first, so it can
> safely be run on public interfaces?)

I should also mention that I'm thinking we eventually want to move to
SSH2 for encryption/authentication (pending finding a good server-side
SSH2 library, there only seem to be client-only libraries available
now). This would let us only need to listen in one place for both
netsync and stdio (and whatever else we might come up with), and would
also mean not needing to keep our own authentication code or write our
own encryption code (I know I've seen requests for encrypted netsync).

So I'd think un-secured stdio would be more useful for now than no
network stdio, and we can clean up the networking later. But maybe
there's a maintainable way to extend our current authentication to
networked 'automate stdio', or maybe the potential for confusion
resulting in putting an insecure protocol on a public interface is too
great...

-- 
Timothy

Free (experimental) public monotone hosting: http://mtn-host.prjek.net
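
Added example, not part of the original message and not monotone code: one way to address the "insecure protocol on a public interface" concern is to make an unauthenticated listener refuse any bind address that is not a loopback literal. The function names and the "host:port" / "[v6]:port" form of the bind specification are assumptions made for illustration.

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string>

// Hypothetical helper (not monotone code): true only if `host` is a literal
// address inside the loopback range, so an unauthenticated listener can
// refuse everything else at startup.
bool is_loopback_literal(const std::string &host)
{
  // An empty host conventionally means "all interfaces": never loopback-only.
  if (host.empty())
    return false;

  in_addr v4;
  if (inet_pton(AF_INET, host.c_str(), &v4) == 1)
    // 127.0.0.0/8: the top octet is 127 (s_addr is in network byte order).
    return (ntohl(v4.s_addr) >> 24) == 127;

  in6_addr v6;
  if (inet_pton(AF_INET6, host.c_str(), &v6) == 1)
    {
      if (IN6_IS_ADDR_LOOPBACK(&v6))   // ::1
        return true;
      if (IN6_IS_ADDR_V4MAPPED(&v6))   // ::ffff:a.b.c.d
        return v6.s6_addr[12] == 127;
      return false;                    // includes the wildcard ::
    }

  // Hostnames (even "localhost") are rejected: name resolution can change
  // outside the program, so only address literals are accepted.
  return false;
}

// Assumed spec format: "host:port" or "[v6]:port". Unbracketed IPv6 is
// rejected because the host/port split would be ambiguous.
bool automate_bind_allowed(const std::string &spec)
{
  std::string host;
  if (!spec.empty() && spec[0] == '[')
    {
      std::string::size_type close = spec.find(']');
      if (close == std::string::npos)
        return false;
      host = spec.substr(1, close - 1);
    }
  else
    host = spec.substr(0, spec.rfind(':'));
  return is_loopback_literal(host);
}
```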




