www.fifi.org
    Documentation
        Manpages
        GNU Info
        Debian document tree
        Whole document tree
    Trigance web page
    Public services
    User info
    Mailing lists
    Secure server
    Multilingual usage
 

Copyright (C) 2000-2012
Philippe Troin
<webmaster@fifi.org>.

Validate HTML
Validate CSS

    

GNU Info

Info Node: (cvsclient.info)Protocol Notes

(cvsclient.info)Protocol Notes

Prev: Protocol Up: Top
Enter node , (file) or (file)node 

Notes on the Protocol
*********************

   A number of enhancements are possible.  Also see the file TODO in
the CVS source distribution, which has further ideas concerning various
aspects of CVS, some of which impact the protocol.  Similarly, the
`http://www.cvshome.org' site, in particular the `Development' pages.

   * The `Modified' request could be speeded up by sending diffs rather
     than entire files.  The client would need some way to keep the
     version of the file which was originally checked out; probably
     requiring the use of "cvs edit" in this case is the most sensible
     course (the "cvs edit" could be handled by a package like VC for
     emacs).  This would also allow local operation of `cvs diff'
     without arguments.

   * The fact that `pserver' requires an extra network turnaround in
     order to perform authentication would be nice to avoid.  This
     relates to the issue of reporting errors; probably the clean
     solution is to defer the error until the client has issued a
     request which expects a response.  To some extent this might
     relate to the next item (in terms of how easy it is to skip a
     whole bunch of requests until we get to one that expects a
     response).  I know that the kerberos code doesn't wait in this
     fashion, but that probably can cause network deadlocks and perhaps
     future problems running over a transport which is more transaction
     oriented than TCP.  On the other hand I'm not sure it is wise to
     make the client conduct a lengthy upload only to find there is an
     authentication failure.

   * The protocol uses an extra network turnaround for protocol
     negotiation (`valid-requests').  It might be nice to avoid this by
     having the client be able to send requests and tell the server to
     ignore them if they are unrecognized (different requests could
     produce a fatal error if unrecognized).  To do this there should
     be a standard syntax for requests.  For example, perhaps all
     future requests should be a single line, with mechanisms analogous
     to `Argumentx', or several requests working together, to provide
     greater amounts of information.  Or there might be a standard
     mechanism for counted data (analogous to that used by `Modified')
     or continuation lines (like a generalized `Argumentx').  It would
     be useful to compare what HTTP is planning in this area; last I
     looked they were contemplating something called Protocol Extension
     Protocol but I haven't looked at the relevant IETF documents in
     any detail.  Obviously, we want something as simple as possible
     (but no simpler).

   * The scrambling algorithm in the CVS client and server actually
     support more characters than those documented in Note: Password
     scrambling.  Someday we are going to either have to document
     them all (but this is not as easy as it may look, see below), or
     (gradually and with adequate process) phase out the support for
     other characters in the CVS implementation.  This business of
     having the feature partly undocumented isn't a desirable state
     long-term.

     The problem with documenting other characters is that unless we
     know what character set is in use, there is no way to make a
     password portable from one system to another.  For example, a with
     a circle on top might have different encodings in different
     character sets.

     It _almost_ works to say that the client picks an arbitrary,
     unknown character set (indeed, having the CVS client know what
     character set the user has in mind is a hard problem otherwise),
     and scrambles according to a certain octet<->octet mapping.  There
     are two problems with this.  One is that the protocol has no way
     to transmit character 10 decimal (linefeed), and the current
     server and clients have no way to handle 0 decimal (NUL).  This
     may cause problems with certain multibyte character sets, in which
     octets 10 and 0 will appear in the middle of other characters.
     The other problem, which is more minor and possibly not worth
     worrying about, is that someone can type a password on one system
     and then go to another system which uses a different encoding for
     the same characters, and have their password not work.

     The restriction to the ISO646 invariant subset is the best
     approach for strings which are not particularly significant to
     users.  Passwords are visible enough that this is somewhat
     doubtful as applied here.  ISO646 does, however, have the virtue
     (!?) of offending everyone.  It is easy to say "But the $ is right
     on people's keyboards!  Surely we can't forbid that".  From a
     human factors point of view, that makes quite a bit of sense.  The
     contrary argument, of course, is that a with a circle on top, or
     some of the characters poorly handled by Unicode, are on
     _someone_'s keyboard.





automatically generated by info2www version 1.2.2.9