Subject: Re: [gentoo-dev] implementation details for GLEP 41
From: Lares Moreau
To: gentoo-dev@lists.gentoo.org
Date: Sat, 19 Nov 2005 18:41:29 -0700

On Sat, 2005-11-19 at 19:02 -0600, Lance Albertson wrote:
> For now, I don't want to rsync more than every 30 minutes (concerns of
> overloading the main cvs server). Pylon has mentioned that the newer
> version of cvs has better commit hooks that may allow for more of a live
> replication effect, but I don't expect that to happen any time soon. I
> will try and come up with a revised version of GLEP 41 and see if
> hparker and folks will agree with this new solution.
>
> We will probably still have the blocking script on this server, but will
> be at a much higher level. This is just to prevent folks from abusing
> the service or giving out their access for other people to use. I really
> don't see that happening, but I would prefer to have some kind of
> prevention in place for infra's sake. I'll have to think out details on
> the authentication scheme for access, but I would assume it would be per
> AT and not a shared access account.
>
> Thoughts?

If any user really wanted to get the access that AT/HT's get, and the
AT/HT was so to give them it, there would be different IP addresses from
the same auth 'simultaneously', i.e. logs state: IP A, IP B, IP A, IP B.
This would indicate a security violation and revocation of privilege for
the AT/HT. Accomplished via script?

Personally, if I wanted a user to have access to the same tree I had, I
would say A) chill for 12hrs, B) sync to my local mirror, C) post
ebuild.tar for them.

I don't believe there is an issue with AT/HT's disseminating access to
users. However I understand the need to be prepared in case it happens.

25-55min delay may need to be acceptable.

Allow (x) access to the dedicated rsync server, not limited by time.
 - Allow Devs to change this number if they feel it is necessary
 - <5min access when working directly with Dev.
 - number reset every (y) days.
(this means new infra, so prolly not)

Per AT Access:
Each AT uploads their ssh_pub to the existing infra - use that for
?secure? rsync auth.

-- 
Lares Moreau | LRU: 400755 http://counter.li.org
Gentoo x86 Arch Tester | ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net | Encrypted Mail Preferred
Key fingerprint = 0CA3 E40D F897 7709 3628 C5D4 7D94 483E 0D46 BB6E

-- 
gentoo-dev@gentoo.org mailing list
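
The log check suggested in the message above (one credential showing up as IP A, IP B, IP A, IP B), sketched as an added example that is not part of the original message or of Gentoo infra's tooling. The log format, account names, 30-minute window and function names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <account> <source IP>", one line
# per authenticated rsync session. The format is an assumption for this example.
SAMPLE_LOG = """\
2005-11-19T10:00:00 at_alice 192.0.2.10
2005-11-19T10:04:00 at_alice 198.51.100.7
2005-11-19T10:09:00 at_alice 192.0.2.10
2005-11-19T10:15:00 at_alice 198.51.100.7
2005-11-19T10:01:00 at_bob 203.0.113.5
2005-11-19T18:30:00 at_bob 203.0.113.99
2005-11-19T18:40:00 at_bob 203.0.113.99
"""

def parse(log_text):
    """Return {account: [(time, ip), ...]} sorted by time."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        stamp, account, ip = parts
        sessions[account].append((datetime.fromisoformat(stamp), ip))
    for events in sessions.values():
        events.sort()
    return sessions

def shared_accounts(log_text, window=timedelta(minutes=30), min_returns=1):
    """Flag accounts whose source IP goes A -> B -> A inside `window`.

    A single A -> B change is treated as a legitimate move (new DHCP lease,
    laptop taken elsewhere); coming back to A shortly after suggests two
    hosts using one credential at the same time.
    """
    flagged = {}
    for account, events in parse(log_text).items():
        returns = 0
        for i in range(2, len(events)):
            (t0, ip0), (_, ip1), (t2, ip2) = events[i - 2], events[i - 1], events[i]
            if ip0 == ip2 and ip0 != ip1 and t2 - t0 <= window:
                returns += 1
        if returns >= min_returns:
            flagged[account] = returns
    return flagged

if __name__ == "__main__":
    for account, count in shared_accounts(SAMPLE_LOG).items():
        print(f"{account}: {count} A->B->A interleavings, review access")
```

Raising `min_returns` trades sensitivity for fewer false positives from hosts behind load-balanced NAT, where the apparent source address can flip without any sharing.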