The basic question is: why can't this go on sourceforge.net like all other source code? Some answers
This project is to set up and manage a private CVS server for use by designated developers for work on FreeS/WAN.
Shell access to the system will be by SSH2 protocol only. Keys from developers will be accepted by PGP or GPG signed message, with an established web of trust.
IP access to the system will be by IPsec protocol only. This will be done via VPN-style configuration. Opportunistic Encryption does not presently provide for appropriate access control. Pre-exchanged raw RSA keys will be used. Both static VPN and road-warrior access will be configured. Developers may have multiple tunnels.
The CVS server should also be behind an Opportunistic Encryption gateway. Ideally, this gateway has other systems behind it, to provide for some degree of defence against traffice analysis.
Backups should be done regularly, both offsite (via rsync) and offline (tape/CD). Appropriate hosts and access will be arranged by contractee.
Some mirrors will be providing anonymous CVS access. This is out of scope for the hosting contractor, but cooperation is expected.
Accounts will be created or deleted under the instruction of the board of directors of pubsoft.org.