mwhudson | so um | 20:17 |
---|---|---|
mwhudson | have we thought about adding https support for bazaar.launchpad.net at all? | 20:17 |
xnox | mwhudson, i thought we do have it.... please elaborate? | 21:33 |
mwhudson | xnox: not for accessing bzr branches over https we don't | 21:34 |
mwhudson | i think? | 21:34 |
mwhudson | there is for codebrowse | 21:34 |
xnox | ah | 21:36 |
cjwatson | mwhudson: the chances of any development that substantial happening on bzr codehosting are relatively slim | 21:47 |
mwhudson | cjwatson: it's mostly ops isn't it? but yeah | 21:47 |
mwhudson | cjwatson: this is what prompted it https://groups.google.com/d/msg/golang-nuts/bY5qSPjBUCk/FkkAujU2AQAJ | 21:48 |
mwhudson | it's slightly embarrassing | 21:48 |
cjwatson | sure - we do have it on git.launchpad.net | 21:49 |
wgrant | mwhudson: It's complicated due to domain arrangements and security. | 21:58 |
mwhudson | wgrant: bleh ok | 21:58 |
mwhudson | i don't really see why but i'm sure the details are horrible :-) | 21:59 |
wgrant | mwhudson: Users holding SFTP access to a subdomain of a webapp is a Very Bad Idea™. | 21:59 |
wgrant | We are saved today only by the Secure bit on our cookies. | 21:59 |
mwhudson | oh | 22:00 |
mwhudson | i guess we could turn off sftp but i guess the smart server provides broadly equivalent abilities? | 22:00 |
wgrant | Correct. | 22:02 |
wgrant | VFS access can't readily be eliminated. | 22:02 |
wgrant | It is possible to fix at the web server level, but the security considerations are complicated and we certainly don't have time for that now. | 22:03 |
cjwatson | Good excuse to encourage Go projects hosted on Launchpad to switch to git.launchpad.net on general principles. | 22:04 |
cjwatson | (which I realise is a little unhelpful, but aligned with general goals ...) | 22:04 |
mwhudson | can't decide whether to reply and say that or just ignore it and hope it goes away | 22:06 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!