diff --git a/pep-0347.txt b/pep-0347.txt index 8743ea0fe..abc99795c 100644 --- a/pep-0347.txt +++ b/pep-0347.txt @@ -71,9 +71,8 @@ Migration Procedure To move the Python CVS repository, the following steps need to be executed. The steps are elaborated upon in the following sections. -1. Assign passwords for all current committers for use on - svn.python.org. User names on SF and svn.python.org should be - identical, unless some committer requests a different user name. +1. Collect SSH keys for all current committers, along with usernames + to appear in commit messages. 2. At the beginning of the migration, announce that the repository on SourceForge closed. @@ -88,14 +87,28 @@ executed. The steps are elaborated upon in the following sections. 6. Disable CVS access on SF. -Assign Passwords +Collect SSH keys ---------------- -Currently, access to Subversion on svn.python.org uses WebDAV over -https, using basic authentication. For this to work, authorized users -need to provide a password. This mechanism should be used, at least -initially, for the Python CVS as well, since various committers also -have a username/password pair for the www SVN repository already. +After some discussion, svn+ssh was selected as the best method +for write access to the repository. Developers can continue to +use their SSH keys, but they must be installed on python.org. + +In order to avoid having to create a new Unix user for each +developer, a single account should be used, with command= +attributes in the authorized_keys files. + +The lines in the authorized_keys file should read like this +(wrapped for better readability):: + + command="/usr/bin/svnserve --root=/svnroot -t + --tunnel-user=''",no-port-forwarding, + no-X11-forwarding,no-agent-forwarding,no-pty + ssh-dss + +As the usernames, the real names should be used instead of +the SF account names, so that people can be better identified +in log messages. Downloading the CVS Repository @@ -174,7 +187,8 @@ Publish the Repository The repository should be published at https://svn.python.org/projects. Read-write access should be granted through basic authentication to all current SF committers; read-only anonymous access should also be -granted. +granted. Read-write access will go through +svn+ssh://pythondev@svn.python.org/projects. As an option, websvn (available e.g. from the Debian websvn package) could be provided. Unfortunately, in the test installation, websvn @@ -220,21 +234,21 @@ The rejected alternatives are shortly discussed here: to the additional workload; migrating the repository again if they get overworked is an option. -- People have expressed dislike of the basic auth (username/password) - authentication. Two alternatives have been suggested: +- Different authentication strategies were discussed. As + alternatives to svn+ssh were suggested - * Subversion over SSH, using SSH key pairs for a single Unix - account, restricted to the execution of svnserve. The pydotorg - admins have ruled out creation of one account per committer; - whether a single account would be acceptable is not yet - decided. + * Subversion over WebDAV, using SSL and basic authentication, + with pydotorg-generated passwords mailed to the user. People + did not like that approach, since they would need to store + the password on disk (because they can't remember it); this + is a security risk. * Subversion over WebDAV, using SSL client certificates. This would work, but would require us to administer a certificate authority. Copyright ---------- +========= This document has been placed in the public domain.