[Python-Dev] PEP: Migrating the Python CVS to Subversion

"Martin v. Löwis" martin at v.loewis.de
Sun Aug 7 16:07:41 CEST 2005


Jeff Rush wrote:
> BTW, re SSH access on python.org, using Apache's SSL support re https would 
> provide as good of security without the risk of giving out shell accounts.  
> SSL would encrypt the link and require a password or permit cert auth 
> instead, same as SSH.  Cert admin needn't be hard if only a single server 
> cert is used, with client passwords, instead of client certs.

That is the currently-proposed setup. However, with the current
subversion clients, you will have to save your password to disk, or type
it in every time. This is the real security disk: if somebody attacks
the client machine, they get access to the python source repository.

Regards,
Martin


More information about the Python-Dev mailing list