From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <overseers-return-11290-listarch-overseers=sources.redhat.com@sourceware.org>
Received: (qmail 9896 invoked by alias); 5 Dec 2010 00:21:43 -0000
Received: (qmail 9888 invoked by uid 22791); 5 Dec 2010 00:21:41 -0000
X-SWARE-Spam-Status: No, hits=-2.1 required=5.0
	tests=AWL,BAYES_00
X-Spam-Check-By: sourceware.org
Received: from dair.pair.com (HELO dair.pair.com) (209.68.1.49)
    by sourceware.org (qpsmtpd/0.43rc1) with SMTP; Sun, 05 Dec 2010 00:21:37 +0000
Received: (qmail 19467 invoked by uid 20157); 5 Dec 2010 00:21:35 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
  by localhost with SMTP; 5 Dec 2010 00:21:35 -0000
Date: Sun, 05 Dec 2010 00:21:00 -0000
From: Hans-Peter Nilsson <hp@bitrange.com>
To: Daniel Kraft <d@domob.eu>
cc: overseers@gcc.gnu.org
Subject: Re: Write access from compile farm
In-Reply-To: <4CFA1571.5030300@domob.eu>
Message-ID: <alpine.BSF.2.00.1012041908010.12189@dair.pair.com>
References: <4CFA1571.5030300@domob.eu>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Mailing-List: contact overseers-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <overseers.sourceware.org>
List-Archive: <http://sourceware.org/ml/overseers/>
List-Post: <mailto:overseers@sourceware.org>
List-Help: <mailto:overseers-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: overseers-owner@sourceware.org
X-SW-Source: 2010-q4/txt/msg00067.txt.bz2

On Sat, 4 Dec 2010, Daniel Kraft wrote:

> some time ago I started using the GCC compile farm for development; so I'm
> wondering whether it is ok to have SVN write access from the accounts there --
> or this is considered insecure.  What are the policies there?
>
> As SVN write authentication is done with a public key, I guess that this means
> you have to set the access up appropriately up for any machine I want to use
> for check-in, right?  So... in case the write-access from compile farm is ok,
> can I generate a public key there and submit it to you -- or what should I do?

Assuming those who set policies don't disagree, and you're
talking about interactive session (i.e. not a cron job or robot)
just forward the *auhentication session*, no need to forge a new
key or deal with copying keys.  Look at what ssh says about its
-A option and ForwardAgent config.  (It might even be the
default for you.)  I'm not sure, but you might have to have
ssh-agent running.

(FWIW, no I wouldn't do that.  I just copy the patch and commit
from my "console" machine.  You say "tin-foil", I say "hats".)

brgds, H-P