[Python-Dev] PEP: Migrating the Python CVS to Subversion
"Martin v. Löwis"
martin at v.loewis.de
Sun Aug 7 16:07:41 CEST 2005
Jeff Rush wrote:
> BTW, re SSH access on python.org, using Apache's SSL support re https would
> provide as good of security without the risk of giving out shell accounts.
> SSL would encrypt the link and require a password or permit cert auth
> instead, same as SSH. Cert admin needn't be hard if only a single server
> cert is used, with client passwords, instead of client certs.
That is the currently-proposed setup. However, with the current
subversion clients, you will have to save your password to disk, or type
it in every time. This is the real security disk: if somebody attacks
the client machine, they get access to the python source repository.
Regards,
Martin
More information about the Python-Dev
mailing list