On Tue, Jul 10, 2007 at 11:33:44AM +0530, dhruva wrote: > Hi, > I went through the complete document and suggested methods (tor did > not work either). For port 443 approach, the catch is here. > > -- Part of the document from the link you had sent ---- > Note: we implemented that method, without warranty, for project member > SSH access only - not anonymous access. Anonymous access is available > via pserver which ought to be available to you, just like HTTP. > -- Part of the document from the link you had sent ---- > > The have enabled 443 as an alternative to 22. Port 22 is used only by > project members with commit access. It does not really help people > like me (involved in the emacs project but not part of the core). > > On 7/6/07, Richard Stallman <[EMAIL PROTECTED]> wrote: > >Savannah CVS on port 443 was moved to download.savannah.gnu.org, > >but this wasn't documented. It is now documented in > >http://savannah.gnu.org/maintenance/CvsFromBehindFirewall. > > > >If this doesn't work for you, please write to [EMAIL PROTECTED] > >If they can't or don't help you, please write to me personally. > > Thank you for taking this up seriously. Since it is a policy issue, I > decided to mail it to this list too. > > -dhruva
Hi Dhruva, Exactly, why is your access to port 2401 blocked? We'll need all information leading to such restrictions before to make a decision. If your admin also blocked Tor nodes, which is usually the simplest way to bypass outgoing traffic restrictions, I think (s)he is serious about not allowing you to use our CVS service, and will probably use any mean to continue blocking you (IP-based restrictions, checking that traffic is TLS/SSL traffic and not pserver traffic, rejecting outgoing traffic on port 443, delegating https encryption to the proxy etc.), unless (s)he can be convinced that CVS access is an acceptable use of the network. RMS wrote: > Maybe we need to make pserver available on port 443 on some IP. > Savannah people, is that feasible? Providing each and every Savannah service on port 443 on a different IP adress doesn't scale, because: - we offer many services, - we don't have that many IP adresses, - port 443 is usually already taken by https; there can be only one https website per IP, which makes that port even more precious, - additional IP adresses cost money. One may point that not all services would require such a trick; services like GNU Arch or Git provide read-only access or fall-back read-only access via HTTP, so maybe we can make exceptions for CVS. But write access always require port 22, and yet another IP if we want access to port 443. So any new service will usually require 1 IP address for normal access, and 1 or 2 additional IP adresses for "firewall bypassing" access. Note that ultimately, nothing forbids you from using a dedicated virtual server (9USD/mo) or any external machine you control (eg your computer at home), and perform the redirection from port 443 to Savannah yourself. Check the documentation again, a spam bot recently reverted the documentation on that topic, and I also completed it today. This means you are not dependent on us for bypassing the proxy. So, once we know why your outgoing traffic to CVS is blocked, we'll either order a new IP on which we can bind cvs-pserver on port 443, or find a better way for you to access CVS. Again, if everything passes through port 443, network admins will implement other ways to restrict outgoing traffic, if that's what they want, so in the long run this doesn't sound like a good solution. We're also open to alternatives :) -- Sylvain
