From: Roy Bamford <neddyseagoon@gentoo.org>
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014
Date: Sat, 07 Jun 2014 18:35:43 +0100 [thread overview]
Message-ID: <1402162558.1662.0@NeddySeagoon_Static> (raw)
In-Reply-To: <201406040003.05726.dilfridge@gentoo.org> (from dilfridge@gentoo.org on Tue Jun 3 23:02:59 2014)
[-- Attachment #1: Type: text/plain, Size: 3623 bytes --]
On 2014.06.03 23:02, Andreas K. Huettel wrote:
> Am Montag, 26. Mai 2014, 14:13:32 schrieb Rich Freeman:
> > The next Gentoo Council meeting will be on 10 Jun 2014, at 19:00
> UTC.
> >
> > Please reply to this email with any proposed agenda items.
>
> Here's an agenda item. For discussion at the moment, since this is
> not
>
> something the council can decide on its own; we need the help of
> Infra
> and the
> foundation. Hopefully it will turn into something concrete, though
> more on the
> lines of a GLEP or an Infra policy. Several Infra and Council members
> have
> contributed ideas.
>
> ########
> Create a mechanism how Gentoo developers can
> * host non-critical services
> * on self-provided machines or later Gentoo-provided machines
> * visible in a subdomain of gentoo.org,
> * which they themselves administer fully and are fully responsible
> for
> * outside the direct control of Infra, but with some limitations (see
> below)
>
> See it as a semi-official staging area for future core services.
>
> The foundation is asked to consider supporting such initiatives
> financially if
> they are clearly in the interest of the general developer community.
> ########
>
> Why?
>
> The Gentoo infrastructure is administered with the help of tools like
> cfengine
> or puppet, designed to distribute configuration to many machines. The
> way this
> is set up now, fine-grained access control is not yet possible. Which
> means
> that someone planning deployment of a new service on an official
> machine needs
> to get access to the central repositories and thereby intrinsically
> also power
> over core, critical services such as, e.g., cvs.
>
> Obviously administrative access to critical services should be
> restricted to a
> small trusted group, and this is what Infra is.
>
> Any new service that does not need any elevated access permissions
> towards
> core critical services (example, a repoman-checker that grabs the
> public
> portage tree, analyzes it and generates alerts; example 2, a program
> that
> parses ebuild SRC_URI, checks for availability of future versions,
> and
>
> displays that information on a web interface) is effectively and
> unnecessarily
> blocked by this architecture.
>
> Our admins are busy keeping the core infrastructure running and safe
> (and they
> are doing this very well, thank you!); it's understandable that they
> may not
> want to accept additional burdens. Here's the way around it.
>
> Many of the pieces needed are already possible. This initiative aims
> to make a
> package of it and advertise it.
>
> What limitations?
>
> This is mostly obvious stuff.
>
> * The maintainers need to take security into account
> * Minimal/none interaction with core services (except publically
> available
> things)
> * No use of infra passwords / credentials
> * Disclaimers on the service if web-based
> * Possibly some sort of infra access as non-privileged user required,
> e.g. for
> running glsa-check
>
> Cheers & happy discussion,
> Andreas
>
> --
>
> Andreas K. Huettel
> Gentoo Linux developer
> dilfridge@gentoo.org
> http://www.akhuettel.de/
>
>
The foundation do not need to be involved any more that they are now.
Anyone can apply for foundation funding for a project.
As an individual trustee, I don't see this project as any different to
any other project that way apply for funding.
--
Regards,
Roy Bamford
(Neddyseagoon) a member of
elections
gentoo-ops
forum-mods
trustees
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2014-06-07 17:36 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAGfcS_nydQyxTBw1h0J37o2k7hTRDCdEyy=z=f02geLtauy++Q@mail.gmail.com>
2014-05-29 13:56 ` [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014 Ulrich Mueller
2014-05-29 19:03 ` Andreas K. Huettel
2014-05-29 21:45 ` [gentoo-project] Maximum number of EAPIs in tree (was: Call For Agenda Items - 10 Jun 2014) Ulrich Mueller
2014-05-29 23:27 ` Rich Freeman
2014-05-30 0:11 ` Jeroen Roovers
2014-05-30 1:31 ` Rich Freeman
2014-05-30 1:33 ` Ulrich Mueller
2014-06-05 16:06 ` [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014 Richard Yao
2014-06-05 16:42 ` Brian Dolbec
2014-06-05 16:55 ` Rich Freeman
2014-06-05 16:56 ` Tom Wijsman
2014-06-03 22:02 ` Andreas K. Huettel
2014-06-07 17:35 ` Roy Bamford [this message]
2014-06-07 20:05 ` Rich Freeman
[not found] ` <CAGfcS_nkawNaJ58cFh1bezQOWe_kNczDfkBC=J0+zEu2chMg4Q@mail.gmail.com>
2014-06-05 6:10 ` [gentoo-project] [gentoo-dev-announce] " Ulrich Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1402162558.1662.0@NeddySeagoon_Static \
--to=neddyseagoon@gentoo.org \
--cc=gentoo-project@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox