[Phpmyadmin-devel] Release cycle
Robin Johnson
robbat2 at orbis-terrarum.net
Mon Feb 3 19:04:02 CET 2003
On Mon, Feb 03, 2003 at 09:00:00PM +0100, Garvin Hicking wrote:
> Okay, then I'll go that way. It's just you wanted to see different commits
> for each patch, and I am working on 4-5 items at once, which doesn't make
> me happy when I spend another week just to get the big patch split up
> again. But it's gonna work somehow.
Look at it this way for later on, say we want to revert just a single
feature at some point in time, one of the things you have done. If it is
all in one big commit, then it is really messy to split it up later on.
Code has been reverted in the past, as needed.
Additionally, when we do checkins of code, automatic emails of the
checkin are sent to the phpmyadmin-cvs mailing list. I don't know about
the others, but I certainly review a sizeable portion of the commit logs
from that mailing list usually. Code review practices certainly help a
lot in the programming world.
> I then created a public key on my webserver, and uploaded it to
> sourceforge. I now can login to the sourceforge-shell from the webserver.
> But still the cvs-password prompt pops up.
>
> I guess I don't have to forward any keys using putty because my windows-
> machine shouldn't be involved in those whole key-issue, right? I tried to
> get the ssh-agent to work, but 'ssh-add' always tells me it "Could not
> open a connection to your authentication agent.". Even though ssh-agent is
> active.
Ah, here is the first place we differ. I keep my SSH/GPG keys and other
sensitive data on a 128mb USB key device. Wherever I go, I take the key
with me. My PuTTY using Pagent reads the key when needed to act like
ssh-agent on windows, and when I use linux, ssh-add reads the key from
there as well. Those are the ONLY (well besides a backup in a safe)
copies of my private keys around. I don't want what happened to Apache
to happen to me as well (compromised via a stolen key with a weak
passphrase).
How are you running ssh-agent on linux? I recommend "eval `ssh-agent`",
those backticks are important, as they set up your shell variables to
point to the agent. ssh-add uses them to put your key in place. If you
capture the output of ssh-agent instead, it is also possible to have
multiple shells on the same machine connected to the same ssh-agent
instance.
One other thing with ssh-agent, I noticed it has a nasty tendancy to
continue running at times after you log out. So throw together something
to keep track of the PID and kill it on logout.
--
Robin Hugh Johnson
E-Mail : robbat2 at orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20030203/29eacc50/attachment.sig>
More information about the Developers
mailing list