[Users] Release: http vs. https in the manifest?

Erik Schnetter schnetter at cct.lsu.edu
Mon Nov 22 18:48:05 CST 2010


Ian Hinder just pointed out to me that our Einstein Toolkit thorn list
as well as our beginners' tutorial use https for anonymous access to
various svn repositories. This often leads to problems when
certificates are either not installed correctly, or when the local svn
installation cannot verify the certificates because the certificate is
too new. We discussed this before, and decided that the best way to
avoid this problem is to use plain http for anonymous checkout. Since
all code is public this does not seem to be a security issue.

However, our thorn list still uses https in many cases. I have just
updated our thorn list to use http instead of https for anonymous
access, essentially adding an AUTH_URL for every URL, and modifying
the URL to use http instead of https. Only SimFactory and LSUThorns
cannot be accessed via plain http.

Should we make this modification before the release? I have tested the
resulting thorn list, and find no problems with it; if anything, the
checkout is now faster. This does not make any changes to the content
of our software, but only changes the way in which the repositories
are accessed. I would vote in favour, since (a) we decided to do this
some time ago, and (b) testing this is easy.

I attach the new einsteintoolkit.th for your convenience.

-erik

-- 
Erik Schnetter <schnetter at cct.lsu.edu>   http://www.cct.lsu.edu/~eschnett/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: einsteintoolkit.th
Type: application/octet-stream
Size: 7488 bytes
Desc: not available
Url : http://lists.einsteintoolkit.org/pipermail/users/attachments/20101122/8e816a99/attachment.obj 


More information about the Users mailing list