public inbox for gentoo-project@lists.gentoo.org
 help / color / mirror / Atom feed
From: Roy Bamford <neddyseagoon@gentoo.org>
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014
Date: Sat, 07 Jun 2014 18:35:43 +0100	[thread overview]
Message-ID: <1402162558.1662.0@NeddySeagoon_Static> (raw)
In-Reply-To: <201406040003.05726.dilfridge@gentoo.org> (from dilfridge@gentoo.org on Tue Jun  3 23:02:59 2014)

[-- Attachment #1: Type: text/plain, Size: 3623 bytes --]

On 2014.06.03 23:02, Andreas K. Huettel wrote:
> Am Montag, 26. Mai 2014, 14:13:32 schrieb Rich Freeman:
> > The next Gentoo Council meeting will be on 10 Jun 2014, at 19:00
> UTC.
> > 
> > Please reply to this email with any proposed agenda items.
> 
> Here's an agenda item. For discussion at the moment, since this is 
> not
> 
> something the council can decide on its own; we need the help of 
> Infra
> and the 
> foundation. Hopefully it will turn into something concrete, though
> more on the 
> lines of a GLEP or an Infra policy. Several Infra and Council members
> have 
> contributed ideas.
> 
> ########
> Create a mechanism how Gentoo developers can 
> * host non-critical services 
> * on self-provided machines or later Gentoo-provided machines
> * visible in a subdomain of gentoo.org, 
> * which they themselves administer fully and are fully responsible 
> for
> * outside the direct control of Infra, but with some limitations (see
> below)
> 
> See it as a semi-official staging area for future core services.
> 
> The foundation is asked to consider supporting such initiatives
> financially if 
> they are clearly in the interest of the general developer community.
> ########
> 
> Why?
> 
> The Gentoo infrastructure is administered with the help of tools like
> cfengine 
> or puppet, designed to distribute configuration to many machines. The
> way this 
> is set up now, fine-grained access control is not yet possible. Which
> means 
> that someone planning deployment of a new service on an official
> machine needs 
> to get access to the central repositories and thereby intrinsically
> also power 
> over core, critical services such as, e.g., cvs. 
> 
> Obviously administrative access to critical services should be
> restricted to a 
> small trusted group, and this is what Infra is. 
> 
> Any new service that does not need any elevated access permissions
> towards 
> core critical services (example, a repoman-checker that grabs the
> public 
> portage tree, analyzes it and generates alerts; example 2, a program
> that 
> parses ebuild SRC_URI, checks for availability of future versions, 
> and
> 
> displays that information on a web interface) is effectively and
> unnecessarily 
> blocked by this architecture. 
> 
> Our admins are busy keeping the core infrastructure running and safe
> (and they 
> are doing this very well, thank you!); it's understandable that they
> may not 
> want to accept additional burdens. Here's the way around it. 
> 
> Many of the pieces needed are already possible. This initiative aims
> to make a 
> package of it and advertise it.
> 
> What limitations?
> 
> This is mostly obvious stuff.
> 
> * The maintainers need to take security into account
> * Minimal/none interaction with core services (except publically
> available 
> things)
> * No use of infra passwords / credentials
> * Disclaimers on the service if web-based
> * Possibly some sort of infra access as non-privileged user required,
> e.g. for 
> running glsa-check
> 
> Cheers & happy discussion, 
> Andreas
> 
> -- 
> 
> Andreas K. Huettel
> Gentoo Linux developer 
> dilfridge@gentoo.org
> http://www.akhuettel.de/
> 
> 

The foundation do not need to be involved any more that they are now.
Anyone can apply for foundation funding for a project.
As an individual trustee, I don't see this project as any different to 
any other project that way apply for funding.

-- 
Regards,

Roy Bamford
(Neddyseagoon) a member of
elections
gentoo-ops
forum-mods
trustees

[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]

  reply	other threads:[~2014-06-07 17:36 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CAGfcS_nydQyxTBw1h0J37o2k7hTRDCdEyy=z=f02geLtauy++Q@mail.gmail.com>
2014-05-29 13:56 ` [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014 Ulrich Mueller
2014-05-29 19:03 ` Andreas K. Huettel
2014-05-29 21:45   ` [gentoo-project] Maximum number of EAPIs in tree (was: Call For Agenda Items - 10 Jun 2014) Ulrich Mueller
2014-05-29 23:27     ` Rich Freeman
2014-05-30  0:11       ` Jeroen Roovers
2014-05-30  1:31         ` Rich Freeman
2014-05-30  1:33       ` Ulrich Mueller
2014-06-05 16:06   ` [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014 Richard Yao
2014-06-05 16:42     ` Brian Dolbec
2014-06-05 16:55       ` Rich Freeman
2014-06-05 16:56     ` Tom Wijsman
2014-06-03 22:02 ` Andreas K. Huettel
2014-06-07 17:35   ` Roy Bamford [this message]
2014-06-07 20:05     ` Rich Freeman
     [not found] ` <CAGfcS_nkawNaJ58cFh1bezQOWe_kNczDfkBC=J0+zEu2chMg4Q@mail.gmail.com>
2014-06-05  6:10   ` [gentoo-project] [gentoo-dev-announce] " Ulrich Mueller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1402162558.1662.0@NeddySeagoon_Static \
    --to=neddyseagoon@gentoo.org \
    --cc=gentoo-project@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox