bzr+ssh on Windows?
Maritza Mendez
martitzam at gmail.com
Tue Aug 24 00:19:40 BST 2010
On Mon, Aug 23, 2010 at 3:42 AM, John Barstow <jbowtie at amathaine.com> wrote:
> But certainly it's a good general solution and should be documented
> (in the same place where we say passwords in authentication.conf are
> ignored over ssh).
>
>
Right. I felt like "wow" when I realized that I could remove the password
from authentication.conf. I was sitting here thinking, if I've specified
the server, plus the ssh protocol, plus the user *and* I've dropped my
public key in /home/user/.ssh/authorized_keys on server, then isn't it kind
of silly (and foolish) to have password in authentication.conf? Yes, of
course it is! So I took it out. Cool.
I also thought that it would be nice to have authentication.conf either
contain or point to my private key. I was trying to avoid setting up a
Windows replacement for ssh-agent of course. But then I started thinking...
bzr should not really need to know any more about protocols than absolutely
necessary to be a consumer of protocols. Making bzr responsible for
accessing private keys essentially puts bzr in the role of ssh-agent
handling sensitive data and violates separation of concerns. And as much as
I admire the brilliance of the bzr-core devs -- truly -- I'm not sure I want
them spending their time writing security code. Better to piggyback on
existing trusted solutions and let them stick to making bzr even greater.
~M
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/bazaar/attachments/20100823/cca3b07c/attachment.htm
More information about the bazaar
mailing list