On Thu, Aug 23, 2012 at 8:28 AM, Trent Nelson <tr...@snakebite.org> wrote: > Hi folks, > > I've set up a bunch of Snakebite build slaves over the past week. > One of the original goals was to provide Python committers with > full access to the slaves, which I'm still keen on providing. > > What's a nice simple way to achieve that in the interim? Here's > what I was thinking: > > - Create a new hg repo: hg.python.org/keys. > > - Committers can push to it just like any other repo (i.e. > same ssh/authz configuration as cpython). > > - Repo is laid out as follows: > keys/ > <python username>/ > ssh (ssh public key) > gpg (gpg public key) > > - Prime the repo with the current .ssh/authorized_keys > (presuming you still use the --tunnel-user facility?).
Make ssh and gpg directories and this sounds like a usefully secure way to allow us to add extra keys (currently, there's a security hole in the fact that requests to change our registered ssh key for access are not themselves authenticated electronically) Also, nice work on getting to this point, even though it turned out to be a lot more work than you originally anticipated! Cheers, Nick. -- Nick Coghlan | ncogh...@gmail.com | Brisbane, Australia _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com