SSL for the bzr protocol
Ali Sabil
ali.sabil at gmail.com
Thu Aug 20 08:54:46 BST 2009
On Thu, Aug 20, 2009 at 12:31 AM, Martin Pool<mbp at canonical.com> wrote:
> 2009/8/20 Denys Duchier <denys.duchier at univ-orleans.fr>:
>> On LaunchPad, I made the following "merge proposal": Provide SSL
>> encrypted communication for the bzr protocol.
>>
>> server::
>>
>> bzr serve --keyfile FILE --certfile FILE ...
>>
>> client::
>>
>> bzr log bzrs://host/branch
>>
>> These are the merge proposals in reversed chronological order:
>>
>> https://code.launchpad.net/~denys.duchier/bzr/bzr.ssl/+merge/10254
>> https://code.launchpad.net/~denys.duchier/bzr/bzr.ssl/+merge/10190
>> https://code.launchpad.net/~denys.duchier/bzr/bzr.ssl/+merge/10175
>> https://code.launchpad.net/~denys.duchier/bzr/bzr.ssl/+merge/10163
>> https://code.launchpad.net/~denys.duchier/bzr/bzr.ssl/+merge/10147
>
> (There's probably some use case here for Launchpad supporting chained mps.)
>
>> I am currently working on:
>>
>> - STARTTLS-type encryption initiation
>> - user authentication (through plugins)
>> - operation authorization (through plugins)
>>
>> for the bzr protocol.
>
> As I'm discussing with lifeless and denys on irc, I think it's worth
> looking at running SSH self-contained within bzr using Paramiko,
> rather than inventing a similar protocol over ssl.
>
What about SASL ?
More information about the bazaar
mailing list