Re: Proposal: gnome-user-share

[Rodney Dawes <dobey novell com>]

On Wed, 2004-12-01 at 13:40 +1100, Jeff Waugh wrote:
> <quote who="Rodney Dawes">
> 
> > Does gnome-user-share do everything over https and take advantage of all
> > that extra robustness that you keep going on about? As Sean stated, to do
> > so, you would have to go edit a bunch of text files and run command line
> > utilties to set up all the htpasswd stuff, and aliases to point to other
> > directories than ~/Public.
> 
> Perhaps you should try g-u-s. It already handles htpasswd stuff, and having
> an https option would not be a huge chunk of work.

I have tried g-u-s. This must be a recent addition (ie, since I tried
g-u-s and decided that a better solution could be done). But still, it
only does a single password for a single directory. This isn't something
I would necessarily call "robust". And that still doesn't solve the
issue of wanting to share multiple directories.

> > And also, please point me to all the security holes in libsoup and
> > epittance, if you are going to market "secure web server" for the
> > inclusion of g-u-s.
> 
> I don't think it's a ridiculous idea to trust Apache more than libsoup in
> this case.

I don't think it's a ridiculous idea to not require Apache and mod_dav
to share a few files in a user's home directory. It's not a question of
trust that I am bringing up. You are making it a trust issue. If you
really don't trust libsoup, then audit it, please. It is something that
multiple parts of the desktop already use. Building Apache and mod_dav
is not exactly a trivial task (unless that's also changed recently).
Feel free to go and add the two modules and all their dependencies to
jhbuild though, so people can properly test gnome-user-share for
inclusion in 2.10. 

-- dobey