From: Brian Harring
To: gentoo-dev@lists.gentoo.org
Date: Sat, 19 Nov 2005 12:45:38 -0600
Subject: Re: [gentoo-dev] implementation details for GLEP 41
Message-ID: <20051119184538.GE25937@nightcrawler>
In-Reply-To: <20051119170615.GW12982@mail.lieber.org>

On Sat, Nov 19, 2005 at 05:06:15PM +0000, Kurt Lieber wrote:
> For instance, the way GLEP 41 suggests doing r/o cvs is not going to work.
> It suggests using a single account and placing an SSH key for each arch
> tester in that account's ~/.ssh/authorized_keys file.

Text in question:
"Get read-only access to the gentoo-x86 repository. This doesn't have
to be individual accounts, a single account, without a shell, with all
of their keys will be sufficient."

Note the "doesn't have to be" and "will be sufficient", it's left open
to how y'all want to implement it.

> There are no provisions for key management and I cannot see an easy way to
> handle it. It's easy to add new keys, but how do we clean out old keys for
> retired arch testers? (including arch testers that "retire" without ever
> informing us) SSH doesn't log key ID as near as I can tell, so we have no
> way of tracking what keys are used and how often. Also, how do we
> definitively correlate an SSH key with an arch tester?
>
> Now, the same question for email -- how do we manage aliases, especially
> for inactive, retired and semi-retired arch testers? We could track usage
> in logs, but between mailing list subscriptions, bugzilla notifications and
> all sorts of other automated emails, that's not an accurate representation
> of whether an email alias is actively used or not.
>
> I talked to Lance and neither he nor I were consulted about this GLEP and
> how feasible the implementation is. We both are quite concerned about the
> issues that I've outlined above as well as others.
>
> This isn't a "we're refusing to implement this GLEP" email, btw, though I'm
> sure some of you will take it as such. It is, however, a "we were never
> consulted regarding implementation details, so there are still issues that
> need to be worked out before this GLEP can go anywhere" email.

Cvs concerns above are all based upon doing single account for cvs ro;
again, it's stated as an option (iow, the option is left up to y'all).

It's not mandating anything on you for cvs, reread it if you don't
believe me. It's stating the base, that they only need the users to
have cvs ro access...

Either way, it's word games, and yes, it's kind of retarded.
~harring
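
Added example, not part of the original message or of GLEP 41: one way to approach the key-to-person and stale-key questions raised in this thread for a shared read-only account, by fingerprinting each authorized_keys entry and matching it against sshd "Accepted publickey" log lines. It assumes an sshd that writes the key's SHA256 fingerprint on login (as current OpenSSH releases do), that each key's comment field names its owner, and a simplified log layout; the account name `cvsro`, the key blobs and the log lines are constructed.

```python
import base64, hashlib, re, shlex

def fingerprint(b64_blob):
    """SHA256 fingerprint in OpenSSH's form: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_keys(authorized_keys_text):
    """Map fingerprint -> owner; assumes the key comment names the owner."""
    owners = {}
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # handles quoted options like command="..."
        idx = next((i for i, t in enumerate(tokens)
                    if t.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # not a key line we understand
        owners[fingerprint(tokens[idx + 1])] = " ".join(tokens[idx + 2:]) or "<no comment>"
    return owners

ACCEPTED = re.compile(r"^(\S+) sshd\[\d+\]: Accepted publickey for (\S+) "
                      r"from \S+ port \d+ ssh2: \S+ (SHA256:\S+)")

def last_use(owners, log_text, account):
    """Return {owner: latest login timestamp, or None if the key was never seen}."""
    seen = {owner: None for owner in owners.values()}
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if m and m.group(2) == account and m.group(3) in owners:
            owner = owners[m.group(3)]
            seen[owner] = max(seen[owner] or "", m.group(1))
    return seen

# Constructed sample data: stand-in key blobs (not real keys), simplified log lines.
ALICE, BOB = (base64.b64encode(s).decode() for s in (b"key-alice", b"key-bob"))
SAMPLE_KEYS = "\n".join([
    f'command="cvs server",no-pty ssh-ed25519 {ALICE} alice@example.org',
    f"ssh-ed25519 {BOB} bob@example.org",
])
SAMPLE_LOG = "\n".join([
    f"2005-11-01T10:00:00Z sshd[411]: Accepted publickey for cvsro from 192.0.2.7 port 40022 ssh2: ED25519 {fingerprint(ALICE)}",
    f"2005-11-18T09:30:00Z sshd[512]: Accepted publickey for cvsro from 192.0.2.7 port 40100 ssh2: ED25519 {fingerprint(ALICE)}",
])
if __name__ == "__main__":
    for owner, ts in last_use(load_keys(SAMPLE_KEYS), SAMPLE_LOG, "cvsro").items():
        print(owner, ts or "never used: candidate for removal")
```

Keys whose owner maps to `None` over the retention window are the ones to review for removal; a key with no comment shows up as `<no comment>` and cannot be tied to a person.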