Date: Sat, 07 Jun 2014 18:35:43 +0100
From: Roy Bamford
Subject: Re: [gentoo-project] Re: [gentoo-dev-announce] Call For Agenda Items - 10 Jun 2014
To: gentoo-project@lists.gentoo.org

On 2014.06.03 23:02, Andreas K. Huettel wrote:
> On Monday, 26 May 2014, 14:13:32, Rich Freeman wrote:
> > The next Gentoo Council meeting will be on 10 Jun 2014, at 19:00 UTC.
> >
> > Please reply to this email with any proposed agenda items.
>
> Here's an agenda item. For discussion at the moment, since this is not
> something the council can decide on its own; we need the help of Infra
> and the foundation. Hopefully it will turn into something concrete,
> though more on the lines of a GLEP or an Infra policy. Several Infra and
> Council members have contributed ideas.
>
> ########
> Create a mechanism how Gentoo developers can
> * host non-critical services
> * on self-provided machines or later Gentoo-provided machines
> * visible in a subdomain of gentoo.org,
> * which they themselves administer fully and are fully responsible for
> * outside the direct control of Infra, but with some limitations (see below)
>
> See it as a semi-official staging area for future core services.
>
> The foundation is asked to consider supporting such initiatives
> financially if they are clearly in the interest of the general developer
> community.
> ########
>
> Why?
>
> The Gentoo infrastructure is administered with the help of tools like
> cfengine or puppet, designed to distribute configuration to many
> machines. The way this is set up now, fine-grained access control is not
> yet possible. Which means that someone planning deployment of a new
> service on an official machine needs to get access to the central
> repositories and thereby intrinsically also power over core, critical
> services such as, e.g., cvs.
>
> Obviously administrative access to critical services should be
> restricted to a small trusted group, and this is what Infra is.
>
> Any new service that does not need any elevated access permissions
> towards core critical services (example, a repoman-checker that grabs
> the public portage tree, analyzes it and generates alerts; example 2, a
> program that parses ebuild SRC_URI, checks for availability of future
> versions, and displays that information on a web interface) is
> effectively and unnecessarily blocked by this architecture.
>
> Our admins are busy keeping the core infrastructure running and safe
> (and they are doing this very well, thank you!); it's understandable
> that they may not want to accept additional burdens. Here's the way
> around it.
>
> Many of the pieces needed are already possible. This initiative aims to
> make a package of it and advertise it.
>
> What limitations?
>
> This is mostly obvious stuff.
>
> * The maintainers need to take security into account
> * Minimal/no interaction with core services (except publicly available
>   things)
> * No use of infra passwords / credentials
> * Disclaimers on the service if web-based
> * Possibly some sort of infra access as non-privileged user required,
>   e.g. for running glsa-check
>
> Cheers & happy discussion,
> Andreas
>
> --
>
> Andreas K. Huettel
> Gentoo Linux developer
> dilfridge@gentoo.org
> http://www.akhuettel.de/

The foundation do not need to be involved any more than they are now.
Anyone can apply for foundation funding for a project.

As an individual trustee, I don't see this project as any different to
any other project that may apply for funding.

--
Regards,

Roy Bamford
(Neddyseagoon) a member of
elections
gentoo-ops
forum-mods
trustees