Change authentication method to svn+ssh.

pep-0347.txt

@@ -71,9 +71,8 @@ Migration Procedure
 To move the Python CVS repository, the following steps need to be
 executed.  The steps are elaborated upon in the following sections.
 
-1. Assign passwords for all current committers for use on
+1. Collect SSH keys for all current committers, along with usernames
-   svn.python.org.  User names on SF and svn.python.org should be
+   to appear in commit messages.
-   identical, unless some committer requests a different user name.
 
 2. At the beginning of the migration, announce that the repository on
    SourceForge closed.
@@ -88,14 +87,28 @@ executed.  The steps are elaborated upon in the following sections.
 6. Disable CVS access on SF.
 
 
-Assign Passwords
+Collect SSH keys
 ----------------
 
-Currently, access to Subversion on svn.python.org uses WebDAV over
+After some discussion, svn+ssh was selected as the best method
-https, using basic authentication.  For this to work, authorized users
+for write access to the repository. Developers can continue to
-need to provide a password.  This mechanism should be used, at least
+use their SSH keys, but they must be installed on python.org.
-initially, for the Python CVS as well, since various committers also
+
-have a username/password pair for the www SVN repository already.
+In order to avoid having to create a new Unix user for each
+developer, a single account should be used, with command=
+attributes in the authorized_keys files.
+
+The lines in the authorized_keys file should read like this
+(wrapped for better readability)::
+
+  command="/usr/bin/svnserve --root=/svnroot -t 
+  --tunnel-user='<username>'",no-port-forwarding,
+  no-X11-forwarding,no-agent-forwarding,no-pty
+  ssh-dss <key> <comment>
+
+As the usernames, the real names should be used instead of
+the SF account names, so that people can be better identified
+in log messages.
 
 
 Downloading the CVS Repository
@@ -174,7 +187,8 @@ Publish the Repository
 The repository should be published at https://svn.python.org/projects.
 Read-write access should be granted through basic authentication to
 all current SF committers; read-only anonymous access should also be
-granted.
+granted.  Read-write access will go through 
+svn+ssh://pythondev@svn.python.org/projects.
 
 As an option, websvn (available e.g. from the Debian websvn package)
 could be provided. Unfortunately, in the test installation, websvn
@@ -220,21 +234,21 @@ The rejected alternatives are shortly discussed here:
   to the additional workload; migrating the repository again if
   they get overworked is an option.
 
-- People have expressed dislike of the basic auth (username/password)
+- Different authentication strategies were discussed. As 
-  authentication.  Two alternatives have been suggested:
+  alternatives to svn+ssh were suggested
 
-  * Subversion over SSH, using SSH key pairs for a single Unix
+  * Subversion over WebDAV, using SSL and basic authentication,
-    account, restricted to the execution of svnserve.  The pydotorg
+    with pydotorg-generated passwords mailed to the user. People
-    admins have ruled out creation of one account per committer;
+    did not like that approach, since they would need to store
-    whether a single account would be acceptable is not yet
+    the password on disk (because they can't remember it); this
-    decided.
+    is a security risk.
 
   * Subversion over WebDAV, using SSL client certificates. This would
     work, but would require us to administer a certificate authority.
 
 
 Copyright
----------
+=========
 
 This document has been placed in the public domain.