[Tracker-discuss] Subversion setup (was: Getting Started)

"Martin v. Löwis" martin at v.loewis.de
Fri Nov 3 10:11:27 CET 2006


> Interesting setup. Is this documented somewhere? (just out of
> curiosity)

Part of it is documented in PEP 347:

http://www.python.org/dev/peps/pep-0347/

Notice in particular the "Collecting SSH keys" section;
all you need is the authorized_keys file.

So not only do we not need to provide shell access; we also
have a single Unix user (pythondev) who has access to the
actual repository data. If somebody managed to break
into this account, they would be restricted to the rights
of the pythondev user (who can't do much more than accessing
the subversion files).

Now (and that part isn't documented) managing the authorized_keys
file is tedious in itself, so I came up with using a (different)
subversion repository for it, whose content currently looks like this:

alex.martelli
andrew.dalke
andrew.kuchling
andrew.macintyre
andrew.mcnamara
anthony.baxter
armin.rigo
barry.warsaw
...

Each file contains the ssh keys of each user, and there is a Python
script to combine them into an authorized_keys file. This Python
script is run on post-commit to this subversion repository.

In this setup, everybody currently has write access to the entire
subversion repository. If access control were ever necessary,
we could manage an access control file the same way.

> On a more on-topic matter, who can create a repository for us?
> (A.K.A, who should I send the public part of my ssh key to?)

You can send it to me.

Regards,
Martin
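
The following is an added example, not the script the message refers to: one way a post-commit job could combine per-user key files into an authorized_keys file while refusing key lines that carry their own options. The forced svnserve command, the /svnroot path, the accepted key types and the sample names are assumptions.

```python
import base64
import re
import struct

# Assumed forced command (svnserve path and repository root are placeholders).
OPTIONS = ('command="/usr/bin/svnserve -t -r /svnroot --tunnel-user={user}",'
           'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty')
USER_RE = re.compile(r'[a-z]+(\.[a-z]+)+')  # file names such as first.last
KEY_TYPES = {'ssh-rsa', 'ssh-ed25519', 'ecdsa-sha2-nistp256'}

def parse_key(line):
    """Return (type, blob) for a bare public-key line or raise ValueError."""
    fields = line.split()
    # A line starting with options (command="...", etc.) fails this check.
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError('not a bare public key')
    raw = base64.b64decode(fields[1], validate=True)  # ValueError if malformed
    # The blob begins with a length-prefixed copy of the key type.
    if len(raw) < 4 or raw[4:4 + struct.unpack('>I', raw[:4])[0]] != fields[0].encode():
        raise ValueError('key type does not match blob')
    return fields[0], fields[1]

def build_authorized_keys(files):
    """files maps file name -> content; returns (authorized_keys text, errors)."""
    out, errors = [], []
    for user in sorted(files):
        if not USER_RE.fullmatch(user):  # also keeps quotes out of command="..."
            errors.append((user, 'bad file name'))
            continue
        for lineno, line in enumerate(files[user].splitlines(), 1):
            line = line.strip()
            if not line or line.startswith('#'):
                continue
            try:
                ktype, blob = parse_key(line)
            except ValueError as exc:
                errors.append((f'{user}:{lineno}', str(exc)))
                continue
            # Emit only validated fields; the free-form comment is dropped.
            out.append(f'{OPTIONS.format(user=user)} {ktype} {blob} {user}')
    return ''.join(entry + '\n' for entry in out), errors

if __name__ == '__main__':
    # Constructed sample key blob (all-zero key material, not a real key).
    blob = base64.b64encode(struct.pack('>I', 11) + b'ssh-ed25519'
                            + struct.pack('>I', 32) + bytes(32)).decode()
    text, errs = build_authorized_keys({
        'jane.doe': f'ssh-ed25519 {blob} jane@laptop\n',
        'john.roe': f'command="/bin/sh" ssh-ed25519 {blob}\n'})
    print(text, errs, sep='')
```

Because every committer can write to the key repository, the combiner is the only place where the forced command and the no-pty/no-forwarding restrictions are enforced, so a hook built this way should refuse to install the output when the error list is non-empty.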

