[Zope-dev] [Distutils] [buildout] "private" releases

Martijn Pieters mj at zopatista.com
Thu Mar 31 05:38:33 EDT 2011


On Wed, Mar 30, 2011 at 15:08, Jim Fulton <jim at zope.com> wrote:
> We do something similar with sftp (zc.buildoutsftp).  To publish eggs,
> we just use scp.
> The advantage of this is that it leverages ssh infrastructure, so *no*
> additional password management is needed.  This is wildly better, IMO,
> than keeping passwords in clear text in your buildout configuration or
> in a dot file.

That depends on your deployment scenarios. We generate separate
passwords per customer, and give them a dedicated URL to load their
private eggs from, then put the password in the buildout.cfg. To load
the buildout.cfg in the first place, the exact same password is used.

Managing SSH accounts and keys for those customers would cost us much
more overhead, and would complicate our instructions for deployment to
them.

On the other hand, for deployments of a buildout from a SVN repository
already served over SSH would make the sftp route the logical choice.

-- 
Martijn Pieters


More information about the Zope-Dev mailing list