On Sat, 2005-11-19 at 19:02 -0600, Lance Albertson wrote:

> For now, I don't want to rsync more than every 30 minutes (concerns of
> overloading the main cvs server). Pylon has mentioned that the newer
> version of cvs has better commit hooks that may allow for more of a live
> replication effect, but I don't expect that to happen any time soon. I
> will try and come up with a revised version of GLEP 41 and see if
> hparker and folks will agree with this new solution.
>
> We will probably still have the blocking script on this server, but will
> be at a much higher level. This is just to prevent folks from abusing
> the service or giving out their access for other people to use. I really
> don't see that happening, but I would prefer to have some kind of
> prevention in place for infra's sake. I'll have to think out details on
> the authentication scheme for access, but I would assume it would be per
> AT and not a shared access account.
>
> Thoughts?

If any user really wanted to get the access that AT/HT's get, and the
AT/HT was to give it to them, there would be different IP addresses from
the same auth 'simultaneously', i.e. logs state IP A, IP B, IP A, IP B. This
would indicate a security violation and revocation of privilege for the
AT/HT. Accomplished via script?
Personally, if I wanted a user to have access to the same tree I had, I
would say A) chill for 12hrs, B) sync to my local mirror, C) post
ebuild.tar for them. I don't believe there is an issue with AT/HT's
disseminating access to users. However I understand the need to be
prepared in case it happens.

25-55min delay may need to be acceptable.

<brainstorming out loud>
Allow (x) access to the dedicated rsync server, not limited by time.
- Allow Devs to change this number if they feel it is necessary
- <5min access when working directly with Dev.
- number reset every (y) days.
(this means new infra, so prolly not)

Per AT Access:
Each AT upload their ssh_pub to the existing infra - use that
for ?secure? rsync auth.
</>

--
Lares Moreau <lares.moreau@×××××.com> | LRU: 400755 http://counter.li.org
Gentoo x86 Arch Tester | ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net | Encrypted Mail Preferred
Key fingerprint = 0CA3 E40D F897 7709 3628 C5D4 7D94 483E 0D46 BB6E
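
The check suggested in the message above (one auth seen from alternating IP addresses), written out as an added example that is not part of the original post or of any Gentoo infra script. The log format (timestamp, account, source IP), the 30-minute window, the two-flip threshold and all names are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; the "timestamp account source-ip" format is an assumption,
# not the output of any particular rsync or sshd setup.
SAMPLE_LOG = """\
2005-11-19T10:00:00 at_alice 192.0.2.10
2005-11-19T10:02:00 at_alice 198.51.100.7
2005-11-19T10:04:00 at_alice 192.0.2.10
2005-11-19T10:06:00 at_alice 198.51.100.7
2005-11-19T10:00:00 at_bob 203.0.113.5
2005-11-19T18:00:00 at_bob 203.0.113.99
2005-11-19T18:30:00 at_bob 203.0.113.99
"""

def parse(log_text):
    """Yield (timestamp, account, ip) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue

def find_shared_accounts(log_text, window=timedelta(minutes=30), min_flips=2):
    """Return {account: flips} for accounts whose source IP alternates.

    A flip is a return to an address (A, B, A) within `window`. A single
    move from A to B, e.g. an AT changing networks, never counts.
    """
    events = defaultdict(list)
    for ts, account, ip in sorted(parse(log_text)):
        events[account].append((ts, ip))
    flagged = {}
    for account, evs in events.items():
        runs = []  # [ip, first_seen, last_seen] per run of same-IP events
        for ts, ip in evs:
            if runs and runs[-1][0] == ip:
                runs[-1][2] = ts
            else:
                runs.append([ip, ts, ts])
        flips = sum(1 for a, b in zip(runs, runs[2:])
                    if a[0] == b[0] and b[1] - a[2] <= window)
        if flips >= min_flips:
            flagged[account] = flips
    return flagged

if __name__ == "__main__":
    print(find_shared_accounts(SAMPLE_LOG))
```

On the sample, at_alice is flagged with two flips, while at_bob, who changes address once and stays there, is not.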