On Thu, Mar 31, 2011 at 5:38 AM, Martijn Pieters <mj@zopatista.com> wrote:
On Wed, Mar 30, 2011 at 15:08, Jim Fulton <jim@zope.com> wrote:
We do something similar with sftp (zc.buildoutsftp). To publish eggs, we just use scp. The advantage of this is that it leverages ssh infrastructure, so *no* additional password management is needed. This is wildly better, IMO, than keeping passwords in clear text in your buildout configuration or in a dot file.
That depends on your deployment scenarios. We generate separate passwords per customer, and give them a dedicated URL to load their private eggs from, then put the password in the buildout.cfg. To load the buildout.cfg in the first place, the exact same password is used.
Managing SSH accounts and keys for those customers would cost us much more overhead, and would complicate our instructions for deployment to them.
On the other hand, for deployments of a buildout from a SVN repository already served over SSH would make the sftp route the logical choice.
Some customers are too dumb to be secure. OK, makes sense. :) Seriously, I assume this is a read-only scenario, in which case having clear-text passwords laying around in prominent places seems less problematic. If they could write to the repo, then I would still have serious problems with this approach. Another approach would be to integrate with some secure key-management service (keychain) on the customer's machines, but I expect that would be as painful as helping them figure out ssh. Jim -- Jim Fulton http://www.linkedin.com/in/jimfulton