[trimmed Cc: markedly] Stephen Hahn <sch at sun.com> writes:
> * Alan Burlison <Alan.Burlison at sun.com> [2008-07-17 21:38]: >> Stephen Hahn wrote: >> >>> Yes. My recommendation would be a shared account, having constructed >>> and operated a captive shell environment for opensolaris.org. The >>> drawbacks of that particular captive shell environment are complexity >>> and the loss of interactive login to a system. The latter seems more >>> jarring than having to manage a shared file of public keys. >> >> In which case, should we consider switching the external gate on OSO over >> to the same mechanism? The new membership database will require changes to >> the current mechanism in any case, it might be better to extract as much >> commonality as we can. > > Yes, I think so. There are a number of related features that would be > easier with one shared account per project than with the current > approach. Theres things that that makes impossible, too. Like differentiating between the user pushing a change, v. the author of the changeset(s) which they are pushing. (think request-sponsor) >> In any case I think we'd have to check that ssh was OK with a large number >> of keys in the shared file, just in case there are any nasty surprises >> lurking... > > Okay. > > - Stephen > > -- > sch at sun.com http://blogs.sun.com/sch/
