[Distutils] Python people want CPAN and how the latter came about

kiorky kiorky at cryptelium.net
Fri Dec 25 23:05:01 CET 2009



Martin v. Löwis wrote:

>>> Although SSH is quite a heavy development on PyPI side, it means we
>>> would have to implement
>>> an SSH server. (like Zope did I think for their development server,
>>> using Paramiko IIRC)

>> cvs.zope.org / svn.zope.org (same machine) run a stock sshd:  they use
>> the "command=" prefix on users' pubkeys to limit what that key can be
>> used to do (only SVN / CVS operations for any non-admin users).

> That works well because both cvs and subversion have hard-coded support
> for a remote server application, along with a proprietary protocol.

> Adding that kind of protocol to an application that is primarily based
> on http is not straight-forward (it can be done, of course).

In addition to limiting via the command="" prefix, making ssh wrapper scripts to
allow a subset of commands, or using simple things like "rssh", is really simple
to do to just allow controlled access. We are not obliged to make the
application aware of the underlying ssh infra.
For example, we can upload our packages somewhere on 'the host' using plain scp
and we can have other mechanisms to load them in the pypi database.

> Regards,
> Martin


-- 
Regards,
KiOrKY
GPG Key FingerPrint: 0x1A1194B7681112AF
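
The wrapper-script approach described in the message above, as an added example that is not part of the original post or of PyPI's code. The names `upload-wrapper`, `validate_upload` and `/srv/incoming` are assumptions, and it assumes the legacy scp protocol, in which the client asks the server to run `scp -t NAME`.

```shell
#!/bin/sh
# Added example: forced-command wrapper for an upload-only SSH key.
# Hypothetical authorized_keys entry (key material elided):
#   restrict,command="/usr/local/bin/upload-wrapper" ssh-ed25519 AAAA... uploader
# sshd runs this script instead of whatever the client asked for; the
# client's request is only available as text in SSH_ORIGINAL_COMMAND.

UPLOAD_DIR="${UPLOAD_DIR:-/srv/incoming}"   # assumed drop directory

# Print the validated file name and return 0 if the request is exactly
# "scp -t NAME" with a plain file name; return 1 otherwise.
validate_upload() {
    req=$1
    case $req in
        "scp -t "*) name=${req#scp -t } ;;
        *) return 1 ;;                        # not an upload (e.g. scp -f, a shell)
    esac
    case $name in
        ""|.*|-*) return 1 ;;                 # empty, dotfile or "..", option-like
        *[!A-Za-z0-9._-]*) return 1 ;;        # spaces, slashes, shell metacharacters
    esac
    printf '%s\n' "$name"
}

run_wrapper() {
    if name=$(validate_upload "${SSH_ORIGINAL_COMMAND:-}"); then
        # Never hand the client's string to a shell; rebuild argv ourselves.
        exec scp -t -- "$UPLOAD_DIR/$name"
    fi
    logger -t upload-wrapper "rejected: ${SSH_ORIGINAL_COMMAND:-<interactive>}" \
        2>/dev/null || true
    echo "upload-wrapper: only uploads of a single plain file name are allowed" >&2
    return 1
}

# Run only when installed as the forced command, not when sourced for testing.
case ${0##*/} in upload-wrapper) run_wrapper ;; esac
```

With OpenSSH 9.0 and later the client has to pass `scp -O` to speak this protocol, since scp defaults to SFTP there. A separate job on the host can then load files from the drop directory into the package index, as the message suggests.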
