| 1 |
Ignoring the yellow star issue, there are a few implementation |
| 2 |
concerns/impossibilities with GLEP 41 in its current form. |
| 3 |
|
| 4 |
For instance, the way GLEP 41 suggests doing r/o cvs is not going to work. |
| 5 |
It suggests using a single account and placing an SSH key for each arch |
| 6 |
tester in that account's ~/.ssh/authorized_keys file. |
| 7 |
|
| 8 |
There are no provisions for key management and I cannot see an easy way to |
| 9 |
handle it. It's easy to add new keys, but how do we clean out old keys for |
| 10 |
retired arch testers? (including arch testers that "retire" without ever |
| 11 |
informing us) SSH doesn't log key ID as near as I can tell, so we have no |
| 12 |
way of tracking what keys are used and how often. Also, how do we |
| 13 |
definitively correlate an SSH key with an arch tester? |
| 14 |
|
| 15 |
Now, the same question for email -- how do we manage aliases, especially |
| 16 |
for inactive, retired and semi-retired arch testers? We could track usage |
| 17 |
in logs, but between mailing list subscriptions, bugzilla notifications and |
| 18 |
all sorts of other automated emails, that's not an accurate representation |
| 19 |
of whether an email alias is actively used or not. |
| 20 |
|
| 21 |
I talked to Lance and neither he nor I were consulted about this GLEP and |
| 22 |
how feasible the implementation is. We both are quite concerned about the |
| 23 |
issues that I've outlined above as well as others. |
| 24 |
|
| 25 |
This isn't a "we're refusing to implement this GLEP" email, btw, though I'm |
| 26 |
sure some of you will take it as such. It is, however, a "we were never |
| 27 |
consulted regarding implementation details, so there are still issues that |
| 28 |
need to be worked out before this GLEP can go anywhere" email. |
| 29 |
|
| 30 |
--kurt |
Archives