[svnbook] r5673 committed - branches/1.8/zh/book/ ch06-server-configuration.xml
wuzhouhui at users.sourceforge.net
wuzhouhui at users.sourceforge.net
Fri Apr 27 18:52:13 CDT 2018
Revision: 5673
http://sourceforge.net/p/svnbook/source/5673
Author: wuzhouhui
Date: 2018-04-27 23:52:10 +0000 (Fri, 27 Apr 2018)
Log Message:
-----------
1.8/zh: translation of chapter 6 in progress
Modified Paths:
--------------
branches/1.8/zh/book/ch06-server-configuration.xml
Modified: branches/1.8/zh/book/ch06-server-configuration.xml
===================================================================
--- branches/1.8/zh/book/ch06-server-configuration.xml 2018-04-25 14:58:12 UTC (rev 5672)
+++ branches/1.8/zh/book/ch06-server-configuration.xml 2018-04-27 23:52:10 UTC (rev 5673)
@@ -610,6 +610,7 @@
-->
<title>建议</title>
+ <!--
<para>In general, the authors of this book recommend a vanilla
<command>svnserve</command> installation for small teams just
trying to get started with a Subversion server; it's the
@@ -616,12 +617,21 @@
simplest to set up and has the fewest maintenance issues.
You can always switch to a more complex server
deployment as your needs change.</para>
+ -->
+ <para>一般情况下, 对于想要快速搭建 Subversion 服务器的小团队而言, 本书
+ 作者推荐最普通的 <command>svnserve</command>, 它的设置最简单, 维护
+ 成本也很低. 如果有新的需求产生, 管理员总是可以切换到更复杂的部署方式.
+ </para>
+ <!--
<para>Here are some general recommendations and tips, based on
years of supporting users:</para>
+ -->
+ <para>根据支持了多年的用户的反馈, 下面列出几点一般性的建议和技巧:</para>
<itemizedlist>
<listitem>
+ <!--
<para>If you're trying to set up the simplest possible server
for your group, a vanilla <command>svnserve</command>
installation is the easiest, fastest route. Note,
@@ -633,16 +643,29 @@
repository's contents aren't sensitive (e.g., it contains
only open source code), or that you go the extra mile in
configuring SASL to encrypt network communications.</para>
+ -->
+ <para>如果管理员想为团队搭建尽可能简单的 Subversion 服务器, 那么
+ 最简单的选择就是 <command>svnserve</command>. 然而, 需要注意的是
+ 仓库的数据将在网络上以明文形式传输, 如果服务器完全部署在公司的
+ LAN 或 VPN 内部, 那就不会带来什么问题. 相反, 如果仓库可被因特网
+ 访问到, 管理员要么确保仓库存放的不是敏感数据 (例如只包含了开源
+ 的代码), 要么使用 SASL 对网络传输进行加密.</para>
</listitem>
<listitem>
+ <!--
<para>If you need to integrate with existing legacy identity
systems (LDAP, Active Directory, NTLM, X.509, etc.),
you must use either the Apache-based server
or <command>svnserve</command> configured with SASL.</para>
+ -->
+ <para>如果管理员想把已有的身份系统 (LDAP, Active Directory, NTLM,
+ X.509 等) 集成到 Subversion 服务器中, 那就必须选择基于 Apache
+ 的服务器, 或配有 SASL 的 <command>svnserve</command>.</para>
</listitem>
<listitem>
+ <!--
<para>If you've decided to use either Apache or stock
<command>svnserve</command>, create a single
<command>svn</command> user on your system and run the
@@ -653,8 +676,17 @@
siloed and protected by operating system filesystem
permissions, changeable by only the Subversion server
process itself.</para> </listitem>
+ -->
+ <para>如果管理员想使用 Apache 或 <command>svnserve</command>, 要在
+ 服务器系统中创建一个新用户 <command>svn</command>, 然后以该用户的
+ 身份运行服务器进程. 确保用户 <command>svn</command> 完全拥有仓库
+ 目录, 从安全的角度来看, 这种做法使得仓库的数据能够保持孤立, 还能
+ 利用操作系统的文件系统权限, 保证只有 Subversion 服务器进程才能修改
+ 仓库目录.</para>
+ </listitem>
<listitem>
+ <!--
<para>If you have an existing infrastructure that is heavily based
on SSH accounts, and if your users already have system
accounts on your server machine, it makes sense to
@@ -667,7 +699,17 @@
for encrypted communication still draws you to this
option, we recommend using Apache with SSL or
<command>svnserve</command> with SASL encryption
- instead.</para> </listitem>
+ instead.</para>
+ -->
+ <para>如果已有的基础设施严重依赖 SSH 账户, 并且团队成员在服务器上
+ 都有自己的系统账户, 此时比较好的部署方式是
+ <command>svnserve</command> + SSH. 但如果是对外公开的仓库, 则我
+ 们不建议这样做, 一般而言, 相比于真正的系统账户, 通过
+ <command>svnserve</command> 或 Apache 管理的 (虚假) 账户来访问
+ 仓库是一种更安全的做法. 如果管理员对加密通信仍然具有强烈的渴望,
+ 我们建议选择配有 SSL 的 Apache, 或配有 SASL 的
+ <command>svnserve</command>.</para>
+ </listitem>
<listitem>
<para>Do <emphasis>not</emphasis> be seduced by the simple
More information about the svnbook-dev
mailing list