[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Savannah-cvs] [484] Update DownloadArea docs
|
From: |
bob |
|
Subject: |
[Savannah-cvs] [484] Update DownloadArea docs |
|
Date: |
Thu, 18 Aug 2022 18:11:18 -0400 (EDT) |
Revision: 484
http://svn.savannah.gnu.org/viewvc/?view=rev&root=administration&revision=484
Author: rwp
Date: 2022-08-18 18:11:17 -0400 (Thu, 18 Aug 2022)
Log Message:
-----------
Update DownloadArea docs
Document OpenSSH 9.0 switching to sftp by default for scp interally.
Change to allow sftp now regardless of the possible member information
leak via sftp due to Savannah being a special case of Free Software
only everywhere. Document both scp and rsync use.
Modified Paths:
--------------
trunk/sviki/DownloadArea.mdwn
Modified: trunk/sviki/DownloadArea.mdwn
===================================================================
--- trunk/sviki/DownloadArea.mdwn 2022-07-18 00:40:50 UTC (rev 483)
+++ trunk/sviki/DownloadArea.mdwn 2022-08-18 22:11:17 UTC (rev 484)
@@ -42,10 +42,10 @@
Then you can use scp to upload your file:
# Give read permissions to your files!
- chmod 644 *
+ chmod a+r ./*
# Upload the files
- scp release.tar.gz.sig release.tar.gz
you@dl.sv.nongnu.org:/releases/project/
+ scp release.tar.gz release.tar.gz.sig
YOUR_LOGIN_HERE@dl.sv.nongnu.org:/releases/YOUR_PROJECT_NAME_HERE/
Note that unlike ftp.gnu.org, Savannah doesn't enforce using GPG signatures
for releases, and doesn't verify them when they are used.
@@ -52,9 +52,12 @@
If you upload subdirectories, be sure to chmod a+rx them.
-As of 2019-06-11, rsync for upload and sftp don't work. Use scp.
-Submit support requests to Savannah administration to delete
-or move files.
+Update: <del>As of 2019-06-11, rsync for upload and sftp don't work.
+Use scp. Submit support requests to Savannah administration to delete
+or move files.</del> OpenSSH 9.0 was released on 2022-04-08 and
+switches the scp from using the legacy scp/rcp protocol to using SFTP
+protocol by default. This has caused us to review the security issues
+and we believe this is okay to use in our case.
SSH key fingerprints for dl.sv.nongnu.org:
@@ -67,10 +70,14 @@
256 SHA256:2wHx6DGCR/h1Ch2m3wGGpDMWLbefE8m1SesHCTM26eY (ED25519)
256 MD5:92:97:1c:f3:c7:1a:3d:c8:53:67:94:51:21:9f:a8:12 (ED25519)
-For example:
+For example using scp and a bash command line:
- scp cvs-1.11.22.tar.bz2 cvs-1.11.22.tar.bz2.sig
dprice@dl.sv.nongnu.org:/releases/cvs/source/stable/1.11.22/
+ scp foo-1.11.22.tar.gz{,.sig} dprice@dl.sv.nongnu.org:/releases/fooproject/
+For example using rsync (do not use -a):
+
+ rsync -tv foo-1.11.22.tar.gz{,.sig}
dprice@dl.sv.nongnu.org:/releases/fooproject/
+
The authentication method to use with scp is SSH public key (one of those
that you registered in your Savannah account).
@@ -79,7 +86,7 @@
<http://savannah.gnu.org/projects/gnulib>.
Files will appear at
-<http://download.savannah.nongnu.org/releases/project/>.
+<http://download.savannah.nongnu.org/releases/@PROJECT_NAME_HERE@/>.
This is multiplexed between all mirrors, hopefully picking a nearby and
up-to-date one. Please expect a delay of up to 24 hours for an upload on
savannah to appear on all mirrors.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Savannah-cvs] [484] Update DownloadArea docs,
bob <=