1 |
christian.hartmann posted <790333825@×××.de>, excerpted below, on Wed, 29 |
2 |
Jun 2005 09:54:35 +0200: |
3 |
|
4 |
> Lance Albertson: |
5 |
>> > I'm just getting ansty about all these new people we're bringing on |
6 |
>> > and the security behind it. Thats my main concern at this point, not |
7 |
>> > whether your work is more or less than a regular developer. |
8 |
> |
9 |
> Andrea Barisani: |
10 |
>> Seriously security_wise and admin_wise I don't see shell access useful |
11 |
>> neither appropriate imho. |
12 |
>> Btw how many forums moderators are we talking about? |
13 |
> |
14 |
> I know what you're talking about. I usually don't like to give ppl shell |
15 |
> access to boxes I'm in charge of. I'm kinda paranoid on this one. ;) But |
16 |
> it's just about 10 more accounts. Knowing that toucan and all the other |
17 |
> infrastructure servers are pretty locked down and knowing that most of us |
18 |
> are really aware of security (keeping your ssh-keys in a secure place; use |
19 |
> stong passwords; lock down boxes; don't run weird scripts on servers, |
20 |
> etc.) I don't see a problem here. We are very careful about whom to give |
21 |
> the permissions to moderate the forum. Before granting them access to |
22 |
> moderate (as in moving, deleting, editing etc) the forum we have a close |
23 |
> look at the ppl so that we can make sure they don't do something nasty |
24 |
> with their permissions. |
25 |
|
26 |
I don't blame anyone for being antsy about a whole group getting new |
27 |
access at one point, I'd be antsy too. However, keep in mind that these |
28 |
/are/ /global/ moderators we are talking about, that have demonstrated |
29 |
their worth to Gentoo over multiple forums over a long enough time to have |
30 |
already been made /global/ mods. CVS access is an entirely different |
31 |
story, of course, but for general shell access -- it should be pretty |
32 |
clear by now what their intentions are on Gentoo, and given their position |
33 |
in /very/ public view as Gentoo global mods, IMO they could do /far/ more |
34 |
damage to Gentoo in a few minutes or hours on the forums than they could |
35 |
with a single shell account on a single machine (assuming proper internal |
36 |
firewalling between that box and others, and proper administrative |
37 |
supervision of a box with that many folks having shell accounts on it) in |
38 |
any case. |
39 |
|
40 |
Not only do we trust them with the highly publicly visible position of |
41 |
global mods, but now we are making them staff. If there's any reasonable |
42 |
doubt security-wise, there's something wrong with the whole situation we |
43 |
find ourselves in in the first place. |
44 |
|
45 |
Also, as someone else pointed out in the earlier thread, in a year, when |
46 |
they get full Foundation voting rights, they'll need shell accounts |
47 |
anyway, to be able to properly vote, unless of course some other |
48 |
arrangements are to be made by then. That does give us a year to work |
49 |
with on activating the accounts, true, but they've got to be activated |
50 |
sooner or later, and if we're already trusting them to the degree we are |
51 |
in the global mod position and now as staff, it might as well be now. |
52 |
|
53 |
All that said, the more people with accounts on a box, the lower the "mean |
54 |
time before failure", just in general terms, even if each individual is |
55 |
100% trusted. That's just the way things work. So, yeah, ten new in what |
56 |
amounts to one shot... it SHOULD be giving people a bit of the shivers. |
57 |
If it's not, those folks must either not be concerned about security, or |
58 |
they've lost their edge. |
59 |
|
60 |
All IMO of course. |
61 |
|
62 |
-- |
63 |
Duncan - List replies preferred. No HTML msgs. |
64 |
"Every nonfree program has a lord, a master -- |
65 |
and if you use the program, he is your master." Richard Stallman in |
66 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
67 |
|
68 |
|
69 |
-- |
70 |
gentoo-dev@g.o mailing list |