1 |
Ignoring the yellow star issue, there are a few implementation |
2 |
concerns/impossibilities with GLEP 41 in its current form. |
3 |
|
4 |
For instance, the way GLEP 41 suggests doing r/o cvs is not going to work. |
5 |
It suggests using a single account and placing an SSH key for each arch |
6 |
tester in that account's ~/.ssh/authorized_keys file. |
7 |
|
8 |
There are no provisions for key management and I cannot see an easy way to |
9 |
handle it. It's easy to add new keys, but how do we clean out old keys for |
10 |
retired arch testers? (including arch testers that "retire" without ever |
11 |
informing us) SSH doesn't log key ID as near as I can tell, so we have no |
12 |
way of tracking what keys are used and how often. Also, how do we |
13 |
definitively correlate an SSH key with an arch tester? |
14 |
|
15 |
Now, the same question for email -- how do we manage aliases, especially |
16 |
for inactive, retired and semi-retired arch testers? We could track usage |
17 |
in logs, but between mailing list subscriptions, bugzilla notifications and |
18 |
all sorts of other automated emails, that's not an accurate representation |
19 |
of whether an email alias is actively used or not. |
20 |
|
21 |
I talked to Lance and neither he nor I were consulted about this GLEP and |
22 |
how feasible the implementation is. We both are quite concerned about the |
23 |
issues that I've outlined above as well as others. |
24 |
|
25 |
This isn't a "we're refusing to implement this GLEP" email, btw, though I'm |
26 |
sure some of you will take it as such. It is, however, a "we were never |
27 |
consulted regarding implementation details, so there are still issues that |
28 |
need to be worked out before this GLEP can go anywhere" email. |
29 |
|
30 |
--kurt |