Gentoo Archives: gentoo-dev

From: Alec Warner <antarus@g.o>
To: Gentoo Dev <gentoo-dev@l.g.o>
Subject: [gentoo-dev] [PSA] If you ssh interactively to git.gentoo.org (somehow) let me know.
Date: Sat, 25 Apr 2020 21:12:19
Message-Id: CAAr7Pr-Q2U-esmCgnnjgTetX8=wwhEC0x_=b2pYedRkHVA3FZg@mail.gmail.com

TL;DR: if all you do is use git to commit to git.gentoo.org, you are not
affected and can stop reading; I know folks use git+ssh://git@××××××××××.org
... to push commits, that will not change.

In the olden times Gentoo used cvs as its source control and people would
push their commits to the cvs server over ssh. The setup at the time was
that everyone who pushed had ssh access to cvs.gentoo.org.

However, Gentoo doesn't use cvs (and has not for many years[1]). The git
system uses 'gitolite' and people who push do so as 'git@××××××××××.org'
(not as themselves.) Gitolite handles the per-user multiplexing and
everything is happy.

However, we never took the ssh access to 'cvs.gentoo.org' away, most devs
can still ssh to "git.gentoo.org" as themselves. Now the access doesn't get
you much (ForceCommand in the authorized_keys file just runs a commit
wrapper, so you could try to commit to cvs or svn I guess ;p)

Thus I now plan to remove this access[0]. If you need access to ssh as
something not-git to git.gentoo.org, let me know in the next week.

[0] Infra users are not affected; they always had normal ssh access to this
host.
[1] Anonymous access to source trees (e.g. via anon* services) is
unaffected by this change.
