Comment 9 for bug 126911

Michael B. Trausch (mtrausch) wrote :

Because I am not on the list or anything like that, I will place my own comments on this issue here—I think that it would be very much desirable to have some sort of basic authentication built-in to the bzr protocol, much like what svnserve does for repositories serviced under it. Perhaps a simple config file under the repo/branch directory that specifies a username and password for access, and then access by "group" or category... for example, users who are anonymous can do nothing, users who authenticate in the "drones" category can commit, and users who authenticate as non-programmers can read. Or anon = read, authenticated user=write, or whatever.

It wouldn't need to be terribly complex for many use cases... it's rather ad-hoc anyway. If the user requires encryption and thus protection of their repository when transmitted over the wire, they should be using https:// or bzr+ssh://, but there are some users who (admittedly thinking in the model of centralized development) would want to have a simple bzr:// that just works with usernames and passwords setup for it.

Just my 2¢...