1 |
TL;DR: if all you do is use git to commit to git.gentoo.org, you are not |
2 |
affected and can stop reading; I know folks use git+ssh://git@××××××××××.org |
3 |
... to push commits, that will not change. |
4 |
|
5 |
In the olden times Gentoo used cvs as its source control and people would |
6 |
push their commits to the cvs server over ssh. The setup at the time was |
7 |
that everyone who pushed had ssh access to cvs.gentoo.org. |
8 |
|
9 |
However, Gentoo doesn't use cvs (and has not for many years[1]). The git |
10 |
system uses 'gitolite' and people who push do so as 'git@××××××××××.org' |
11 |
(not as themselves.) Gitolite handles the per-user multiplexing and |
12 |
everything is happy. |
13 |
|
14 |
However, we never took the ssh access to 'cvs.gentoo.org' away, most devs |
15 |
can still ssh to "git.gentoo.org" as themselves. Now the access doesn't get |
16 |
you much (ForceCommand in the authorized_keys file just runs a commit |
17 |
wrapper, so you could try to commit to cvs or svn I guess ;p) |
18 |
|
19 |
Thus I now plan to remove this access[0]. If you need access to ssh as |
20 |
something not-git to git.gentoo.org, let me know in the next week. |
21 |
|
22 |
[0] Infra users are not affected; they always had normal ssh access to this |
23 |
host. |
24 |
[1] Anonymous access to source trees (e.g. via anon* services) is |
25 |
unaffected by this change. |