Gentoo Archives: gentoo-dev

From: Kurt Lieber <klieber@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] implementation details for GLEP 41
Date: Sat, 19 Nov 2005 17:04:21
Ignoring the yellow star issue, there are a few implementation
concerns/impossibilities with GLEP 41 in its current form. 

For instance, the way GLEP 41 suggests doing r/o cvs is not going to work.
It suggests using a single account and placing an SSH key for each arch
tester in that account's ~/.ssh/authorized_keys file.

There are no provisions for key management and I cannot see an easy way to
handle it.  It's easy to add new keys, but how do we clean out old keys for
retired arch testers?  (including arch testers that "retire" without ever
informing us)  SSH doesn't log key ID as near as I can tell, so we have no
way of tracking what keys are used and how often.  Also, how do we
definitively correlate an SSH key with an arch tester?  

Now, the same question for email -- how do we manage aliases, especially
for inactive, retired and semi-retired arch testers?  We could track usage
in logs, but between mailing list subscriptions, bugzilla notifications and
all sorts of other automated emails, that's not an accurate representation
of whether an email alias is actively used or not.

I talked to Lance and neither he nor I were consulted about this GLEP and
how feasible the implementation is.  We both are quite concerned about the
issues that I've outlined above as well as others.  

This isn't a "we're refusing to implement this GLEP" email, btw, though I'm
sure some of you will take it as such.  It is, however, a "we were never
consulted regarding implementation details, so there are still issues that
need to be worked out before this GLEP can go anywhere" email.