Request for monotone
mmcgrath at redhat.com
Thu Dec 13 21:58:32 UTC 2007
Jesse Keating wrote:
> On Wed, 12 Dec 2007 21:33:19 -0600
> Mike McGrath <mmcgrath at redhat.com> wrote:
>> we've had a request to support monotone on hosted. Instead of having
>> this conversation in private I thought it best to put it on the
>> list. So thoughts? This is part "do we want to support monotone" and
>> part "do we want hosted to be more then svn, hg, git, bzr".
>> In general I'm happy supporting only those 4, we can't be everything
>> for everyone and AFAIK we're the only OSS project with a hosted
>> offering that supports 4 SCM's.
> So far, the SCMs we support have been driven mostly by the SCMs that
> Trac supports, with the exception to bzr which I had nothing to do with
> setting up.
> So the questions are, does Trac support monotone, does monotone lend
> itself to a hosted environment (easy ssh commit access, http anon
> access, useful web browser, easy to create empty repos for developers
> to fill, etc...), is it in EPEL, does it have a security track record,
> and uh... is there anybody on the infrastructure team that feels like
> they could become our site expert on it?
Reply (slightly edited) from Roland:
> How do we integrate access control with the Fedora Account System?
> > Can it integrate with FAS somehow?
> > Does it have easy ssh based commit access?
The ssh-based access is just like ssh-based
access to git, so the account system integration is exactly the same except
for what the forced command to run the server is.
The simplest thing is to support only ssh-based access. To
support monotone's own authenticated TCP protocol would require a simple
hook in the account system to maintain a flat file listing write-authorized
key identifiers (user at domain). (The public key bits themselves live in the
repository database and can get there just by an ssh-authorized user making
> > Does it have http based anonymous access?
No kind of direct access is based on http. It is very easy to set up its
own TCP protocol server for anonymous-only access, or to have an "anonymous"
ssh user. (With the caveat of one shared database, as I explained earlier.)
> > Does trac support it?
Not AFAIK, but I would be willing to work on it if it buys something.
We are not interested in using Trac for elfutils any time soon.
(We use Fedora bugzilla and that is all we need in the way of formality.)
> > Does it have a useful Web browser view?
Yes, see http://viewmtn.angrygoats.net/ for an example. I have not
packaged viewmtn for Fedora yet, but I would be glad to do it and make this
very simple to set up.
> > How easy is it to create new repos?
Trivial. You need a directory that the server daemon (for non-ssh server
setup) or ssh user can write, and then initialization is one quick command.
> > How long until we get monotone in EPEL?
For EL5, it's only as long as it takes me to figure out how to request the branch.
> > What is its security track record?
I've never heard of an exploit. The monotone project (http://monotone.ca)
and others have had public servers running for a long time (since long
before git existed, for example).
More information about the Fedora-infrastructure-list