From: Tavis Ormandy <taviso@gentoo.org>
To: Kurt Lieber <klieber@gentoo.org>
Cc: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Finger GLEP
Date: Mon, 11 Aug 2003 00:02:10 +0000 [thread overview]
Message-ID: <20030811000210.GB8548@sdf.lonestar.org> (raw)
In-Reply-To: <20030810232734.GJ1819@mail.lieber.org>
On Sun, Aug 10, 2003 at 07:27:37PM -0400, Kurt Lieber wrote:
> OK, I guess this one is an infrastructure GLEP to approve/reject. I'd also
> like to get input from seemant as the devrel manager.
>
> I have security concerns about running fingerd, but I can see how the
> benefits outweigh the risks in this case.
I thought some people might, im not sure what the specific issues you
have are, but I know that a lot of people have had the "finger == bad"
hammered into them, partly due to the information leakage, and partly as
some of the early (pre 1980s) implementations were famously poor.
I'm confident it is totally secure to use fingerd, and i included the
list of famous sites using fingerd as precedent...but i understand it
still makes some admins nervous :)
> However, there are still several
> areas that I don't see being addressed by this GLEP:
>
> 1) We already suffer from what I call "information sprawl" right now,
> meaning we have the same information spread out across multiple places,
> with no one place being the "master repository". The net result of this is
> that users have to hunt through multiple repositories to try to find out
> which one the developer chose to use for their particular query.
agreed, but i think the specific type of information that would be kept
in .plans is not available in any easy form right now, i guess tracking
cvs commits and searching through usernames with bugzilla is the closest
way you can get to an activity report, which is just not practical for
most users, and even developers in a rush would probably not bother.
> What ensures that the data available via fingerd will be a) complete
> (meaning how will you ensure all developers participate) and b) up-to-date?
> IMO, we need to identify one master source of information and *ensure* that
> is used and kept up-to-date. If we want to provide multiple avenues to
> access that info, that's fine, but we need one database, not multiple ones.
>
imho, if all developers just created a ~/.pgpkey the fingerd will be
worth having (i'll explain below why i think this is the best medium for
key distribution). In the implementations i have seen, people have
always kept their .plans reasonably up to date, its an easy way to keep
people notified of things that they are working on (or an in depth
description of their responsibilities, etc) and if the finger daemon was
well known about (mentioned in gwn, for example) it will give users a
chance to check for updates before firing off an email.
> 2) Tangental to the issue above, we've already talked about placing things
> like GPG keys on the web site in XML format and pulling the other info (dev
> name, location, projects, etc.) in via XML as well. Why is the fingerd
> solution a better one? Items on the web site are updated hourly. I can't
> think of too many cases where that type of freshness isn't timely enough.
>
> --kurt
Yep, i suggested a fingerd at the time. imho, its the best way for
distributing keys.
making the keys available via the website is not ideal, getting it into
a keyring involves a few steps, eg:
1) fire up web browser, navigate to query page
2) enter dev name, and then copy and paste key into text
or copy and paste url for wget to fetch
3) gpg --import < saved_file
4) rm saved_file, etc, etc.
and putting the keys onto keyservers would involve getting users to
check fingerprints, and distributing those fingerprints (agreed, checks
should always be made anyway, but in reality i cant see that happening).
making the keys available via finger means it will be simple to get any
keys into gpg from the command line on one line, eg:
$ finger klieber@gentoo.org | gpg --import
the user can be confident the key is really yours, and only one basic
command is required (you can test this with my key, my address is in my
.sig).
Also, should a developer revoke or regenerate a key, they would have to
contact someone with cvs access to the website to update it, with
fingerd they can just login (or scp) to dev.g.o and update the key
themselves, which would take effect immediately. I am totally confident
this is the simplest and best medium for distributing developer keys.
Thanks, Tavis.
--
-------------------------------------
taviso@sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------
--
gentoo-dev@gentoo.org mailing list
next prev parent reply other threads:[~2003-08-11 0:02 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-08-10 22:39 [gentoo-dev] Finger GLEP Tavis Ormandy
2003-08-10 23:27 ` Kurt Lieber
2003-08-10 23:36 ` Seemant Kulleen
2003-08-11 0:17 ` Tavis Ormandy
2003-08-11 0:57 ` Spider
2003-08-11 0:02 ` Tavis Ormandy [this message]
2003-08-11 9:22 ` Kurt Lieber
2003-08-11 11:35 ` Tavis Ormandy
2003-08-11 12:37 ` Paul de Vrieze
2003-08-11 12:59 ` Tavis Ormandy
2003-08-11 13:33 ` Kurt Lieber
2003-08-11 14:01 ` Tavis Ormandy
2003-08-11 0:03 ` Grant Goodyear
2003-08-11 8:05 ` Paul de Vrieze
2003-08-11 1:17 ` Aron Griffis
2003-08-11 8:24 ` Paul de Vrieze
2003-08-11 12:09 ` Tavis Ormandy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030811000210.GB8548@sdf.lonestar.org \
--to=taviso@gentoo.org \
--cc=gentoo-dev@gentoo.org \
--cc=klieber@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox