[MINC-development] MINC and Subversion

[Jason Lerch]

On May 9, 2007, at 8:47 AM, Andrew Janke wrote:

>> We use a simple SVN with apache setup - no SSL, just plain apache
>> authentication, and with a separately maintained set of accounts
>> (htpasswd) for write access. Not the most secure solution, but
>> hopefully enough for our purposes.
>
> Thanks for the info.  So essentially you have two types of users,
> those who can see the svn repo and those who cant.. :)  a .htpasswd
> method with svn doesn't allow for more fine-grained control does it?

Actually it does. Here's a sample of what the control file looks like:


[RMINC:/]
* = r
jason = rw
jharlap = rw
matthijs = rw

[registration:/]
jason = rw
lau = rw
matthijs = rw

In this case there are two projects, one of them (RMINC) is world 
readable as well as being writeable by three authors, and the other is 
not world readable with read-write permissions for three people. Note 
that one can use user groups as well and not just individual users. The 
accounts are kept in a separate flat text file created/modified by 
htpasswd.


> (the LDAP thing is out as the BIC still uses NIS from what I know.
> IRIX and GNU/Linux still won't hold hands and play nice)
>
>>> 1. keep on burying our heads and leave it in CVS
>>> 2. install SVN and lots of acronyms on feeble.
>>> 3. Use a third party.
>>
>> I've used google code for a different project and quite like it - but
>> all repositories have to be world readable, which might not be what 
>> you
>> want. I suspect that the desire to keep certain repositories private
>> will mean that the do it yourself solution is still best.
>
> Most interesting, care to hand out the address so that I can have a
> poke around to see what a small project would look like?

http://code.google.com/p/opcit/

(my very slowly being developed attempt to write a better Endnote - 
anyone on this list feel like helping out?).

>
> I suspect however than an external site will not really ever be
> completely sanctioned if only for political reasons.  ie: it would be
> nice if the SVN address of MINC still included bic.mni.mcgill.ca in it
> somewhere...
>
> The option that does present itself here though is to have a local
> webDAV repo at the BIC that is only open to those with passwords (ala
> .htpasswd) and then use a post-commit hook to synch it to an external
> "read for all" repo on google code or the likes.  Might be messy
> though.

I don't think that is necessary, as projects can be quite easily 
separated using the mechanism I describe above. Also note that access 
control can be even more fine-grained - i.e. the trunk of a project can 
be world readable with any of the branches limited to a set of users.

>
> I should also point out that the only code that will migrate to this
> new svn thing (if it comes into being) will be code that is on
> packages (ie: stuff that is to be released). if things are not to be
> released then either we make another separate local repo or continue
> to use CVS for these projects.

Why? Won't it be easier to fully migrate everything if you are going to 
start migrating? Then use the access control file to separate what is 
and isn't for public consumption.


Jason