gump-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Abele <>
Subject Re: [RT] Usecase for CA / asylum -- access to gump data (eg webdav bridge)
Date Wed, 18 Jan 2006 01:33:26 GMT
On 17.01.2006, at 18:05, Leo Simons wrote:

> ...
> It would be great if there was an easy way for any ASF committer to  
> get at the
> gump build tree (eg filesystems hosted on, or on
>, or elsewhere in the future) using eg  
> something like
> WebDAV, but not for the general public. What we really don't want  
> to use for
> this is something like an rsync of the svn htpasswd file, since the  
> machines
> that gump runs on really shouldn't be trusted.

When every committer gets his/her own certificate issued by the BaDCA  
we can simply secure such an area with a SSL configuration requiring  
a valid client cert (SSLVerifyClient and SSLRequire)... this will be  
the same as for e.g. SVN access...

> I don't know how to set this up properly (perhaps a reverse proxy  
> between a
> trusted host that does the auth and the gump host running a webdav  
> server,
> with the gump host restricting access based on IP / being on the  
> internal
> network), I also don't know how well this ties into the BadCA /  
> asylum / etc
> infrastructure currently under development, but it seems there is  
> some kind of
> overlap and another possible usecase.

Just WebDAV over HTTP secured with SSL... though, first we need to  
get the CA and Asylum up and running reliably...

> Just a random thought. No clue whether I'll be able to pursue this  
> or contribute
> or whatever. Maybe someone has time :-)


View raw message