Martin v. Löwis a écrit :
>>> Although SSH is quite a heavy development on PyPI side, it means we >>> would have to implement >>> an SSH server. (like Zope did I think for their development server, >>> using Paramiko IIRC) >> cvs.zope.org / svn.zope.org (same machine) run a stock sshd: they use >> the "command=" prefix on users' pubkeys to limit what that key can be >> used to do (only SVN / CVS operations for any non-admin users). > That works well because both cvs and subversion have hard-coded support > for a remote server application, along with a proprietary protocol. > Adding that kind of protocol to an application that is primarily based > on http is not straight-forward (it can be done, of course). Additionnal to limit via the command="" prefix, making ssh wrapper scripts to allow a subset of commands or using simple things like "rssh" is really simple to do to just allow controlled access. We are not obliged to make the application aware of the underlying ssh infra. For example, we can upload our packages somewhere on 'the host' using plain scp and we can have other mecanisms to load them in the pypi database. > Regards, > Martin -- Cordialement, KiOrKY GPG Key FingerPrint: 0x1A1194B7681112AF
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
