On Thu, 31 Jul 2008 10:46:33 -0700 Derek Wright <drupal@dwwright.net> wrote:
On Jul 31, 2008, at 9:40 AM, Angela Byron wrote:
1. Security. pserver authentication is horribly, horribly insecure.
I think the security problems will be just as bad with SVN given the OSUOSL infrastructure. There's a way to do CVS securely (over ssh), which is basically equivalent to what we'd have to do to actually make SVN secure (as far as I know), but the OSUOSL side of this question has been "won't fixed" because it would involve giving (extremely limited) shell access to every CVS account holder:
Not that this is going to change any of your previously stated points but svn works *lovely* over https[*] and that's pretty slick if you've to deal with firewalls too. Anyway I didn't know that people could commit over a completely insecure channel as pserver. Is it? I'd say that while svn will make *my* life easier and while I do see advantages in drcs, they aren't as mature as they should be right now (not just the tools but the adoption etc...) and other than uuuh well pserver auth, I don't see any reason to move from cvs to * NOW. I think anyway that a drcs could have a great influence over the development process and the community IF handled with care and consciousness. Building up a good plan and understanding how a drcs may influence development and community requires time so I think it should be something to keep in mind right now. [*] actually it works over webdav(s) and once you've webdav you could think about other interesting applications inside drupal infrastructure. Other than "modernity" when I had to chose my rcs of choice ease of installation over a secure protocol and friendliness to firewall were the top reasons I chose svn over cvs. -- Ivan Sergio Borgonovo http://www.webthatworks.it