You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Sean Cavanaugh <se...@dimensionalrift.com> on 2004/02/23 09:36:58 UTC
slashdot stuff
I'm mostly a lurker and svn user but I've noticed some commonality in
some of the Slashdot posts and my experience I would like to point out.
For whatever reason, the documentation causes people to feel the
primary or only method of access to the svn database is through Apache.
Maybe its due to being mentioned first in the first thing they see on
the subject (not necessarily the official manual), or talked about the
most. Whatever the cause, its definitely a problem, as I'm sure many
people would be happy to run svnserve, and would definitely prefer it
that way. The svnserve approach is definitely an order of magnitude
easier, especially for people migrating from CVS. Having to setup svn
with even just plain apache, let alone apache-ssl and all of its
configuration needs, is quite an experience for first timers. I
remember spending a good chunk of a day just trying to work out how to
make a long-term custom self-signed ssl cert for apache . . . Things
like that can be annoying. Then there's setting up apache auth (also
quite a task for a first timer) etc. Its just huge.
I've seen posts about dangers of running multiple users with ssh
tunneled svnserve. Whats up with that? Please tell me this is typical
slashdot misinformation. The programmer in me screams that this has to
be something that the Berekely DB libraries should be dealing with and
not Subversion. Even if this is not true, then svnserve itself should
deal with that on some level relatively easily . . .
In my world, about the only thing I'd say is missing from Subversion
is a nice clean built-in way of handling having files require exclusive
check-out. If you work with a huge amount of binary data such as
bitmaps or office documentation, its pretty much a required feature. I
know its possible to work with it as it is now, but its just not the
same. For example, two separate changes to the same bitmap need to be
made a serial process somewhere, and software is much better about
enforcing it than people ever will be. I suspect throwing another layer
between the art tools and subversion would just be too much for most
people to accept. Its hard enough selling one tool to a team. The
layered approach would have to be understood by the other useful tools
like RapidSVN and TortoiseSVN etc, and thats just not likely to be
consistent everywhere. I'd hate to pass up the 'good tool' because the
'bad tool' is the only one that can do 'layered feature X'.
I don't care what backend database svn uses as long as it scales to
a petabyte or two :) Art source plus histories can easily hit several
terrabytes now, and this is still growing quite rapidly. Right now we
are using CVS for code and a custom in-house thing for art. It would be
nice to have everything using the same system (just for ease of backup
management alone), but you can't have everything I guess.
There are obviously a lot of problems with the .svn directory name
on Windows due to the Windows shell and various other apps that are
poorly written. I know this sucks, but change the . to something else !
or # for example. They suite the purpose just as well and will
definitely work. I love making first time cvs users at work make their
.ssh directory in their home directories on their Windows boxes. Its
become a sadistic little intelligence/knowledge test I have now to see
if they can create that directory or not (and how fast they do it). You
guys didn't expect to make a Windows app without some workarounds for
stupid stuff did you?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: slashdot stuff
Posted by Travis P <sv...@castle.fastmail.fm>.
On Feb 23, 2004, at 8:01 AM, Ben Collins-Sussman wrote:
> Sean Cavanaugh wrote:
>
>> For whatever reason, the documentation causes people to feel the
>> primary or only method of access to the svn database is through
>> Apache.
>
> We've been working hard to change that perception, in the book, as
> well as the FAQ and other website docs. Can you give us specifics? I
> see someone say "we need apache?" in a slashdot post, but he's
> immediately corrected by someone else. That tells me our campaign is
> working. :-)
I haven't looked at the Slashdot thread, but let me suggest the
front-page feature list at http://subversion.tigris.org/ could give
people the impression:
----
* Apache as network server, WebDAV/DeltaV for protocol (separate
standalone server also available)
Subversion uses the HTTP-based WebDAV/DeltaV protocol for network
communications, and uses the Apache web server to provide
repository-side network service. This gives Subversion a big advantage
in stability and interoperability, and provides various key features
for free: authentication, basic authorization, wire compression, and
repository browsing, for example. For people who simply want to tunnel
a custom protocol over ssh, Subversion also has a basic standalone
server process.
----
From that bullet (and there no others on the topic in that list), I
could see how someone might assume there is only the Apache
http:/https: protocols and the ssh+svn: protocol (or svn: over a
tunneled ssh connection, but if/when people look deeper into the docs,
they are likely to think of that as ssh+svn: as we've seen on this
list, even though it is very different--though maybe the docs have been
updated to clarify this). svnserver svn: as an alternative network
access method by itself, without ssh, is not mentioned in the feature
list and with their mind already set about what they will find in the
rest of the documentation, new users may just see what they expect to
see and miss the good alternatives.
-Travis
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: slashdot stuff
Posted by Ben Collins-Sussman <su...@collab.net>.
Sean Cavanaugh wrote:
> For whatever reason, the documentation causes people to feel the
> primary or only method of access to the svn database is through Apache.
We've been working hard to change that perception, in the book, as well
as the FAQ and other website docs. Can you give us specifics? I see
someone say "we need apache?" in a slashdot post, but he's immediately
corrected by someone else. That tells me our campaign is working. :-)
> I've seen posts about dangers of running multiple users with ssh
> tunneled svnserve. Whats up with that? Please tell me this is typical
> slashdot misinformation. The programmer in me screams that this has to
> be something that the Berekely DB libraries should be dealing with and
> not Subversion. Even if this is not true, then svnserve itself should
> deal with that on some level relatively easily . . .
Using a database means taking some care so that different users don't
clobber permissions for each other on the database files. (CVS has the
same problems, really.) Read 'using multiple servers' at the end of
chapter 6 in the book. It's doable, but if you want the least headache,
you'll avoid file:/// and svn+ssh:// access completely, and only allow a
network server process to ever touch the database, via svn:// and http://.
If you're an svnserve user, take a look at the book again. It now has
its own built-in authentication and authorization. You don't have to
use svn+ssh:// to authenticate anymore.
>
> In my world, about the only thing I'd say is missing from Subversion
> is a nice clean built-in way of handling having files require exclusive
> check-out.
Yes, it's high priority for new post-1.0 features.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: slashdot stuff
Posted by Tobias Ringström <to...@ringstrom.mine.nu>.
Greg Hudson wrote:
>I also get a general feeling that people using this kind of setup
>(svn+ssh with multiple users) tend to experience a more frequent need
>for BDB recovery. This could be a phantom impression caused by the
>umask issue, or there could be some kind of shutdown bug. It's really
>hard to tell.
>
>
I think that mostly happened because we used to not ignore SIGPIPE. Now
that we do that, it shouldn't happen anymore.
/Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: slashdot stuff
Posted by Greg Hudson <gh...@MIT.EDU>.
On Mon, 2004-02-23 at 04:36, Sean Cavanaugh wrote:
> I've seen posts about dangers of running multiple users with ssh
> tunneled svnserve. Whats up with that?
Well, primarily, you have to make sure that everyone's using the correct
umask. I volunteered to add a feature to svnserve to set the umask
according to a repository configuration option, but people didn't like
the idea (because it's access-method-dependent).
I also get a general feeling that people using this kind of setup
(svn+ssh with multiple users) tend to experience a more frequent need
for BDB recovery. This could be a phantom impression caused by the
umask issue, or there could be some kind of shutdown bug. It's really
hard to tell.
One idea I'm kind of excited about it using the new svnserve
--tunnel-user feature to use svn+ssh with a single system account and
multiple ssh keys. I'm not sure if it will be any more robust (apart
from evading the umask issue), but a lot of people are uncomfortable
with having a system account for each developer, no matter how
restricted. At any rate, the --tunel-user feature won't appear in a
release until Subversion 1.1.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org