Change authentication method to svn+ssh.

2005-08-08 07:18:17 +00:00 · 2005-08-08 07:18:17 +00:00 · d41da01c32
parent c0b589e388
commit d41da01c32
1 changed files with 32 additions and 18 deletions
--- a/pep-0347.txt
+++ b/pep-0347.txt
@ -71,9 +71,8 @@ Migration Procedure
 To move the Python CVS repository, the following steps need to be
 executed.  The steps are elaborated upon in the following sections.

-1. Assign passwords for all current committers for use on
-   svn.python.org.  User names on SF and svn.python.org should be
-   identical, unless some committer requests a different user name.
+1. Collect SSH keys for all current committers, along with usernames
+   to appear in commit messages.

 2. At the beginning of the migration, announce that the repository on
   SourceForge closed.
@ -88,14 +87,28 @@ executed.  The steps are elaborated upon in the following sections.
 6. Disable CVS access on SF.


-Assign Passwords
+Collect SSH keys
 ----------------

-Currently, access to Subversion on svn.python.org uses WebDAV over
-https, using basic authentication.  For this to work, authorized users
-need to provide a password.  This mechanism should be used, at least
-initially, for the Python CVS as well, since various committers also
-have a username/password pair for the www SVN repository already.
+After some discussion, svn+ssh was selected as the best method
+for write access to the repository. Developers can continue to
+use their SSH keys, but they must be installed on python.org.
+
+In order to avoid having to create a new Unix user for each
+developer, a single account should be used, with command=
+attributes in the authorized_keys files.
+
+The lines in the authorized_keys file should read like this
+(wrapped for better readability)::
+
+  command="/usr/bin/svnserve --root=/svnroot -t 
+  --tunnel-user='<username>'",no-port-forwarding,
+  no-X11-forwarding,no-agent-forwarding,no-pty
+  ssh-dss <key> <comment>
+
+As the usernames, the real names should be used instead of
+the SF account names, so that people can be better identified
+in log messages.


 Downloading the CVS Repository
@ -174,7 +187,8 @@ Publish the Repository
 The repository should be published at https://svn.python.org/projects.
 Read-write access should be granted through basic authentication to
 all current SF committers; read-only anonymous access should also be
-granted.
+granted.  Read-write access will go through 
+svn+ssh://pythondev@svn.python.org/projects.

 As an option, websvn (available e.g. from the Debian websvn package)
 could be provided. Unfortunately, in the test installation, websvn
@ -220,21 +234,21 @@ The rejected alternatives are shortly discussed here:
  to the additional workload; migrating the repository again if
  they get overworked is an option.

- People have expressed dislike of the basic auth (username/password)
-  authentication.  Two alternatives have been suggested:
+- Different authentication strategies were discussed. As 
+  alternatives to svn+ssh were suggested

-  * Subversion over SSH, using SSH key pairs for a single Unix
-    account, restricted to the execution of svnserve.  The pydotorg
-    admins have ruled out creation of one account per committer;
-    whether a single account would be acceptable is not yet
-    decided.
+  * Subversion over WebDAV, using SSL and basic authentication,
+    with pydotorg-generated passwords mailed to the user. People
+    did not like that approach, since they would need to store
+    the password on disk (because they can't remember it); this
+    is a security risk.

  * Subversion over WebDAV, using SSL client certificates. This would
    work, but would require us to administer a certificate authority.


 Copyright
---------
+=========

 This document has been placed in the public domain.