On Thu, Mar 31, 2011 at 5:38 AM, Martijn Pieters <m...@zopatista.com> wrote:
> On Wed, Mar 30, 2011 at 15:08, Jim Fulton <j...@zope.com> wrote:
>> We do something similar with sftp (zc.buildoutsftp). To publish eggs,
>> we just use scp.
>> The advantage of this is that it leverages ssh infrastructure, so *no*
>> additional password management is needed. This is wildly better, IMO,
>> than keeping passwords in clear text in your buildout configuration or
>> in a dot file.
>
> That depends on your deployment scenarios. We generate separate
> passwords per customer, and give them a dedicated URL to load their
> private eggs from, then put the password in the buildout.cfg. To load
> the buildout.cfg in the first place, the exact same password is used.
>
> Managing SSH accounts and keys for those customers would cost us much
> more overhead, and would complicate our instructions for deployment to
> them.
>
> On the other hand, for deployments of a buildout from a SVN repository
> already served over SSH would make the sftp route the logical choice.

Some customers are too dumb to be secure. OK, makes sense. :)

Seriously, I assume this is a read-only scenario, in which case having
clear-text passwords laying around in prominent places seems less
problematic. If they could write to the repo, then I would still have
serious problems with this approach.

Another approach would be to integrate with some secure key-management
service (keychain) on the customer's machines, but I expect that would
be as painful as helping them figure out ssh.

Jim

--
Jim Fulton
http://www.linkedin.com/in/jimfulton