[Python-Dev] Admin access using svn+ssh
Barry Warsaw
barry at python.org
Mon Aug 22 01:01:22 CEST 2005
On Sun, 2005-08-21 at 09:12, "Martin v. Löwis" wrote:
> It turns out that svn+ssh with a single account has limitations:
> you can only set the tunnel user when you are using a restricted
> key. In PEP 347, the plan is that the current SF project admins
> get shell access to the pythondev account, which just has been
> created.
>
> To resolve this, project admins need two different SSH keys:
> one for accessing the shell, and one for regular commit activities.
I may be totally misunderstanding, but to get shell access wouldn't I
avoid using the pythondev account and just use my own account? I'd only
need the pythondev account to access the svn repository, right? (And
actually, it might be possible to set up group permissions and
membership so that I could access the repo with either).
The number of people who need shell access should be pretty small.
I'm also a little confused about the pep. What does "admin access to
the pythondev account" mean? Do you mean the people who are going to be
managing users that can access svn? In that case, I think the system
admins (i.e. those who already have shell access to dinsdale) would be
the people managing user access to svn.
> I would suggest that the default key is used for regular commits,
> and a separate key is created for shell access. I described this
> a bit in the PEP, essentially, in .ssh/config, I have
>
> Host pythondev
> Hostname dinsdale.python.org
> User pythondev
> IdentityFile ~/.ssh/pythondev
>
> So when I do "ssh pythondev", I get the shell account; when I do
> "svn co svn+ssh://pythondev@svn.python.org/python/trunk/Modules",
> I use my default identity, which gets tunneled as "Martin v. Loewis".
I'm confused again; are you saying that we should have a host named
pythondev.python.org? I'm not sure that's necessary.
-Barry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.python.org/pipermail/python-dev/attachments/20050821/580c0311/attachment-0001.pgp
More information about the Python-Dev
mailing list