This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: wget-1.8.2-1 ready for upload

Christopher Faylor wrote:
> On Wed, Jul 10, 2002 at 06:35:17PM -0400, Charles Wilson wrote:
> >Christopher Faylor wrote:
> >
> >
> >>(I've got to implement a way for package maintainers to do this
> >>themselves...)
> >>
> >
> >Yep.  If you only focus on auto-upload (with some sort of
> >verification...should we start signing things with GPG keys?) of
> >*existing* package, that should make the problem easier.
> >
> >First-time uploads can be handled as now: folks with login accounts do
> >it manually.
> I have always been thinking of using some kind of ssh key for a
> standard account.  Each key would only let the user access a specific
> directory.

Last year I wrote a perl script to be used by the command="script"
option in the authorized_keys file. It would check that the client
intented to run rsync, all the mandatory options where present and extra
options where all in the allowed list. Canonicalized the path arg and
verified that it was a subdir of the allowed download path. If all that
checked then it exec a recontructed safe version of the original

We can write a similar script for cygwin if that's the way to go.

the authorized_keys file would look something like:
command=" keychain ncftp wget",no-pty,no... ssh-rsa
FEDC... # Hack Kampbjorn
command=" ...

What access does maintainers need?
- Upload files
- Create directories?  Seems so for splitted packages, eg. gettext
- Download files? No we can use the mirrors or *cough* rsync *cough*
- Delete files? If old packages aren't automatically deleted by a cron
job then yes
- Delete directories?

And the requirements:
- encrypted communication?
- password authentication?
- public key authentication?
- low cpu load on sources?
- low bandwith load on sources?

And the options:
- webupload script: pass protected, cert. protected or gpg validated
- restricted ftp accounts
- restricted rsync accounts
- restricted ssh accounts
- unrestricted upload, validated afterwards
- mirroring from maintainer provided URL

> cgf

Med venlig hilsen / Kind regards

Hack Kampbjørn

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]