From: Brian Harring <ferringb@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] implementation details for GLEP 41
Date: Sat, 19 Nov 2005 16:30:53 -0600 [thread overview]
Message-ID: <20051119223052.GC4535@nightcrawler> (raw)
In-Reply-To: <20051119220358.GB12982@mail.lieber.org>
[-- Attachment #1: Type: text/plain, Size: 2191 bytes --]
On Sat, Nov 19, 2005 at 10:03:58PM +0000, Kurt Lieber wrote:
> On Sat, Nov 19, 2005 at 01:51:15PM -0600 or thereabouts, Brian Harring wrote:
> > Stop pointing at one interpretation of it that sucks, when the glep
> > _does_ leave it open to you how to implement it. It's a waste of
> > people's time and bandwidth, and is a bit disenguous.
>
> I'm trying to find a solution to the issues as I see them. Telling me I'm
> wasting people's time and bandwidth doesn't seem conducive to working
> together towards a resolution to this all. If you're going to say, "it was
> passed, you guys just have to find a way to implement it. now please stop
> bothering us" then I'm going to come up with an implementation plan that
> looks something like the following:
>
> * all SSH keys and email addresses for arch testers will auto-expire after
> 60 days. If an arch tester needs to have continued access, a gentoo dev
> will have to re-submit the key and recreate the alias for that arch
> tester every 60 days.
>
> That meets the requirements of the GLEP down to the letter and also
> satisfies infra concerns around key management. However, it's a crappy
> solution.
>
> So, I'd much rather work together towards finding a better one.
Simple solution, that I've repeatedly pointed at. Use the existing
ldap setup. It's not infra's responsibility to add their accounts nor
disable them (that is left in the air as stated, although I'd expect
it'll fall on devrels head). Infra doesn't even do retirement beyond
when _devrel_ asks them to. If that process is slow, ask for help and
someone will chip in and improve it (mainly to minimize bottleneck
involved).
A simple script handling a pull from ldap sshPubKey attribute
updating $USER/.ssh/authorized_keys on lark, you've got the cvs ro
issue licked. Doesn't require anything crazy/new, and could be
implemented in no time- no infra overhead beyond an initial setup cost
for cvs, which I would be willing to implement myself.
It's minor to do it within existing framework, which is why I've
stated it's daft pointing at the minimal requirement as admin hell.
~harring
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2005-11-19 22:35 UTC|newest]
Thread overview: 51+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-19 17:06 [gentoo-dev] implementation details for GLEP 41 Kurt Lieber
2005-11-19 17:57 ` Danny van Dyk
2005-11-19 18:15 ` Kurt Lieber
2005-11-19 18:34 ` Simon Stelling
2005-11-19 18:45 ` Brian Harring
2005-11-19 19:03 ` Sven Vermeulen
2005-11-19 19:14 ` Kurt Lieber
2005-11-19 19:51 ` Brian Harring
2005-11-19 22:03 ` Kurt Lieber
2005-11-19 22:13 ` Lares Moreau
2005-11-19 22:30 ` Brian Harring [this message]
2005-11-19 22:47 ` Kurt Lieber
2005-11-19 22:52 ` Brian Harring
2005-11-19 23:04 ` Kurt Lieber
2005-11-20 0:26 ` Retiring devs [was Re: [gentoo-dev] implementation details for GLEP 41] Brian Harring
2005-11-20 8:07 ` Sune Kloppenborg Jeppesen
2005-11-20 12:58 ` Wernfried Haas
2005-11-20 15:10 ` Bryan Ãstergaard
2005-11-20 15:34 ` Lance Albertson
2005-11-20 15:43 ` Bryan Ãstergaard
2005-11-20 16:52 ` Ned Ludd
2005-11-20 19:40 ` Wernfried Haas
2005-11-19 23:04 ` [gentoo-dev] implementation details for GLEP 41 Tres Melton
2005-11-19 23:09 ` Lance Albertson
2005-11-19 23:33 ` Simon Stelling
2005-11-20 4:27 ` Grant Goodyear
2005-11-19 22:42 ` Kurt Lieber
2005-11-19 22:44 ` Dan Meltzer
2005-11-19 22:56 ` Kurt Lieber
2005-11-19 22:57 ` Dan Meltzer
2005-11-19 22:59 ` Dan Meltzer
2005-11-19 23:12 ` Kurt Lieber
2005-11-19 23:44 ` Lares Moreau
2005-11-20 0:13 ` Lance Albertson
2005-11-20 0:28 ` Lares Moreau
2005-11-20 1:02 ` Lance Albertson
2005-11-20 1:41 ` Lares Moreau
2005-11-20 4:25 ` Grant Goodyear
2005-11-20 4:37 ` Ned Ludd
2005-11-20 4:49 ` Lance Albertson
2005-11-20 4:42 ` Corey Shields
2005-11-20 4:50 ` Lance Albertson
2005-11-20 5:04 ` Corey Shields
2005-11-20 5:44 ` Robin H. Johnson
2005-11-20 11:29 ` [gentoo-dev] " Duncan
2005-11-20 14:49 ` Lares Moreau
2005-11-20 14:57 ` Ciaran McCreesh
2005-11-21 11:48 ` [gentoo-dev] " Duncan
2005-11-20 16:37 ` [gentoo-dev] " Corey Shields
2005-11-20 5:31 ` [gentoo-dev] CVS-Server requirements (was: implementation details for GLEP 41) Lars Weiler
2005-11-20 14:44 ` Lares Moreau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051119223052.GC4535@nightcrawler \
--to=ferringb@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox