That page would probably like a good cleanup. I don't even think creating an user is required - it's just good practice, and you probably want that user to have as few privileges as possible.
That's indeed the motivation. Buildbot slave operators need to recognize that they are opening their machines to execution of arbitrary code, even though this could only be abused by committers. But suppose a committer loses the laptop, which has his SSH key on it, then anybody getting the key could commit malicious code, which then gets executed by all build slaves. Of course, it would be possible to find out whose key has been used (although *not* from the commit message), and revoke that, but the damage might already be done. Regards, Martin P.S. Another attack vector is through the master: if somebody hacks into the machine running the master, they can also compromise all slaves. Of course, we are trying to make it really hard to break into python.org. _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
