Re: Default performance of ‘lp:foo’ URLs

[Martin Pool]

2009/12/1 Aaron Bentley <aaron at aaronbentley.com>:
> Jonathan Lange wrote:
>> However, if anyone feels strongly enough about this to provide some
>> patches for this, I'd be happy to help them.
>
> I think we should implement bzr+http support for code hosting.  bzr will
> automatically detect bzr+http support at http URLs, so we won't have to
> change the lookup mechanism, and http will get through more firewalls
> than bzr protocol.  It also avoids increasing the number of protocol
> options we provide to users.

On the other hand, it's more likely to be messed with by firewalls (as
opposed to just failing cleanly), and while there's less startup cost
there may be more per-request cost, because of http post overhead.
(Facts needed.)

I think doing either anonymous ssh or bzr+http would be better than
bzr+tcp, for the sake of not proliferating options as you say.  If we
had ssh (anonymous or not) and then plain http as a fallback that
would be pretty simple.

I think it's nice that ssh provides some socket-level integrity
checks; these do sometimes detect network errors in a way that tells
us it's not bzr's fault.  It's not specifically more secure against
bad clients but it would protect more against people trying to
interfere with the stream.

Stephen asks:

> Is it as easy or easier for sysadmins to implement/manage this as it is to implement/manage anonymous ssh?

I think it's within measurement error which of them is easier.  It
just needs someone to do it.

-- 
Martin <http://launchpad.net/~mbp/>