| 1 |
On Sat, 2005-11-19 at 19:02 -0600, Lance Albertson wrote: |
| 2 |
|
| 3 |
> For now, I don't want to rsync more than every 30 minutes (concerns of |
| 4 |
> overloading the main cvs server). Pylon has mentioned that the newer |
| 5 |
> version of cvs has better commit hooks that may allow for more of a live |
| 6 |
> replication effect, but I don't expect that to happen any time soon. I |
| 7 |
> will try and come up with a revised version of GLEP 41 and see if |
| 8 |
> hparker and folks will agree with this new solution. |
| 9 |
> |
| 10 |
> We will probably still have the blocking script on this server, but will |
| 11 |
> be at a much higher level. This is just to prevent folks from abusing |
| 12 |
> the service or giving out their access for other people to use. I really |
| 13 |
> don't see that happening, but I would prefer to have some kind of |
| 14 |
> prevention in place for infra's sake. I'll have to think out details on |
| 15 |
> the authentication scheme for access, but I would assume it would be per |
| 16 |
> AT and not a shared access account. |
| 17 |
> |
| 18 |
> Thoughts? |
| 19 |
|
| 20 |
If any user really wanted to get the access that AT/HT's get, and the |
| 21 |
AT/HT was so to give them it, there would be different IP addresses from |
| 22 |
the same auth 'similaneously'. ie. logs state, IP A, IPB IPA, IPb. this |
| 23 |
would indicate a security violation and revocation of privilege for the |
| 24 |
AT/HT. Accomplished Via script? |
| 25 |
Personally, If I wanted a user to have access to the same tree I had, I |
| 26 |
would say A) chill for 12hrs, B) sync to my local mirror, C) post |
| 27 |
ebuild.tar for them. I don't believe there is an issue with AT/HT's |
| 28 |
disseminating access to users. However I understand the need to be |
| 29 |
prepared in case it happens. |
| 30 |
|
| 31 |
25-55min delay may need to be acceptable. |
| 32 |
|
| 33 |
<brainstorming out loud> |
| 34 |
Allow (x) access to the dedicated rsync server, not limited by time. |
| 35 |
- Allow Devs to change this number if they feel it is necessary |
| 36 |
- <5min access when working directly with Dev. |
| 37 |
- number reset every (y) days. |
| 38 |
(this means new infra, so prolly not) |
| 39 |
|
| 40 |
Per AT Access: |
| 41 |
Each AT upload their ssh_pub to the existing infra - use that |
| 42 |
for ?secure? rsync auth. |
| 43 |
</> |
| 44 |
|
| 45 |
-- |
| 46 |
Lares Moreau <lares.moreau@×××××.com> | LRU: 400755 http://counter.li.org |
| 47 |
Gentoo x86 Arch Tester | ::0 Alberta, Canada |
| 48 |
Public Key: 0D46BB6E @ subkeys.pgp.net | Encrypted Mail Prefered |
| 49 |
Key fingerprint = 0CA3 E40D F897 7709 3628 C5D4 7D94 483E 0D46 BB6E |
Archives