From: Lares Moreau <lares.moreau@gmail.com>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] implementation details for GLEP 41
Date: Sat, 19 Nov 2005 18:41:29 -0700 [thread overview]
Message-ID: <1132450890.6892.85.camel@localhost> (raw)
In-Reply-To: <437FCB3B.5080204@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 2372 bytes --]
On Sat, 2005-11-19 at 19:02 -0600, Lance Albertson wrote:
> For now, I don't want to rsync more than every 30 minutes (concerns of
> overloading the main cvs server). Pylon has mentioned that the newer
> version of cvs has better commit hooks that may allow for more of a live
> replication effect, but I don't expect that to happen any time soon. I
> will try and come up with a revised version of GLEP 41 and see if
> hparker and folks will agree with this new solution.
>
> We will probably still have the blocking script on this server, but will
> be at a much higher level. This is just to prevent folks from abusing
> the service or giving out their access for other people to use. I really
> don't see that happening, but I would prefer to have some kind of
> prevention in place for infra's sake. I'll have to think out details on
> the authentication scheme for access, but I would assume it would be per
> AT and not a shared access account.
>
> Thoughts?
If any user really wanted to get the access that AT/HT's get, and the
AT/HT was so to give them it, there would be different IP addresses from
the same auth 'similaneously'. ie. logs state, IP A, IPB IPA, IPb. this
would indicate a security violation and revocation of privilege for the
AT/HT. Accomplished Via script?
Personally, If I wanted a user to have access to the same tree I had, I
would say A) chill for 12hrs, B) sync to my local mirror, C) post
ebuild.tar for them. I don't believe there is an issue with AT/HT's
disseminating access to users. However I understand the need to be
prepared in case it happens.
25-55min delay may need to be acceptable.
<brainstorming out loud>
Allow (x) access to the dedicated rsync server, not limited by time.
- Allow Devs to change this number if they feel it is necessary
- <5min access when working directly with Dev.
- number reset every (y) days.
(this means new infra, so prolly not)
Per AT Access:
Each AT upload their ssh_pub to the existing infra - use that
for ?secure? rsync auth.
</>
--
Lares Moreau <lares.moreau@gmail.com> | LRU: 400755 http://counter.li.org
Gentoo x86 Arch Tester | ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net | Encrypted Mail Prefered
Key fingerprint = 0CA3 E40D F897 7709 3628 C5D4 7D94 483E 0D46 BB6E
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2005-11-20 1:44 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-19 17:06 [gentoo-dev] implementation details for GLEP 41 Kurt Lieber
2005-11-19 17:57 ` Danny van Dyk
2005-11-19 18:15 ` Kurt Lieber
2005-11-19 18:34 ` Simon Stelling
2005-11-19 18:45 ` Brian Harring
2005-11-19 19:03 ` Sven Vermeulen
2005-11-19 19:14 ` Kurt Lieber
2005-11-19 19:51 ` Brian Harring
2005-11-19 22:03 ` Kurt Lieber
2005-11-19 22:13 ` Lares Moreau
2005-11-19 22:30 ` Brian Harring
2005-11-19 22:47 ` Kurt Lieber
2005-11-19 22:52 ` Brian Harring
2005-11-19 23:04 ` Kurt Lieber
2005-11-20 0:26 ` Retiring devs [was Re: [gentoo-dev] implementation details for GLEP 41] Brian Harring
2005-11-20 8:07 ` Sune Kloppenborg Jeppesen
2005-11-20 12:58 ` Wernfried Haas
2005-11-20 15:10 ` Bryan Ãstergaard
2005-11-20 15:34 ` Lance Albertson
2005-11-20 15:43 ` Bryan Ãstergaard
2005-11-20 16:52 ` Ned Ludd
2005-11-20 19:40 ` Wernfried Haas
2005-11-19 23:04 ` [gentoo-dev] implementation details for GLEP 41 Tres Melton
2005-11-19 23:09 ` Lance Albertson
2005-11-19 23:33 ` Simon Stelling
2005-11-20 4:27 ` Grant Goodyear
2005-11-19 22:42 ` Kurt Lieber
2005-11-19 22:44 ` Dan Meltzer
2005-11-19 22:56 ` Kurt Lieber
2005-11-19 22:57 ` Dan Meltzer
2005-11-19 22:59 ` Dan Meltzer
2005-11-19 23:12 ` Kurt Lieber
2005-11-19 23:44 ` Lares Moreau
2005-11-20 0:13 ` Lance Albertson
2005-11-20 0:28 ` Lares Moreau
2005-11-20 1:02 ` Lance Albertson
2005-11-20 1:41 ` Lares Moreau [this message]
2005-11-20 4:25 ` Grant Goodyear
2005-11-20 4:37 ` Ned Ludd
2005-11-20 4:49 ` Lance Albertson
2005-11-20 4:42 ` Corey Shields
2005-11-20 4:50 ` Lance Albertson
2005-11-20 5:04 ` Corey Shields
2005-11-20 5:44 ` Robin H. Johnson
2005-11-20 11:29 ` [gentoo-dev] " Duncan
2005-11-20 14:49 ` Lares Moreau
2005-11-20 14:57 ` Ciaran McCreesh
2005-11-21 11:48 ` [gentoo-dev] " Duncan
2005-11-20 16:37 ` [gentoo-dev] " Corey Shields
2005-11-20 5:31 ` [gentoo-dev] CVS-Server requirements (was: implementation details for GLEP 41) Lars Weiler
2005-11-20 14:44 ` Lares Moreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1132450890.6892.85.camel@localhost \
--to=lares.moreau@gmail.com \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox