| 1 |
On Thu, Sep 6, 2018 at 12:14 PM M. J. Everitt <m.j.everitt@×××.org> wrote: |
| 2 |
> |
| 3 |
> That's not how I understand LDAP .. I believe there is not only build-in |
| 4 |
> replication but redundancy too, so that, for instance, with logon |
| 5 |
> authorisation, you're not dependent on one single host .. that would be |
| 6 |
> a b1tch if it went down and thousands of users got locked out .. surely?! |
| 7 |
> And yes, as far as I know, there is a security mechanism built-in so any |
| 8 |
> Tom, Dick or Harry can't get the data without the relevant keys ... |
| 9 |
|
| 10 |
It is centralized in the sense that you're trusting a central |
| 11 |
authority to maintain it. It was just an example of the sort of |
| 12 |
service that isn't easy to decentralize (PKI problem in general), much |
| 13 |
like a lot of the tree-signing discussions, but at least those have |
| 14 |
the advantage of sitting on git which is by itself easy to |
| 15 |
decentralize. |
| 16 |
|
| 17 |
And this isn't intended as some kind of Gentoo-politics stance. One |
| 18 |
issue with having one legal entity own all our stuff is that we don't |
| 19 |
control the law. If somebody sues Gentoo and wins, they could be |
| 20 |
awarded all our infra, and that would be pretty painful to recover |
| 21 |
from right now. Maybe the infra team is legally bound by |
| 22 |
confidentiality to "Gentoo" (aka SCO or whoever sued us) so they can't |
| 23 |
even replicate the data on new servers. |
| 24 |
|
| 25 |
It isn't an easy thing, and I'm not suggesting holding other things |
| 26 |
up, but I think in general a community-based org is better off if it |
| 27 |
can actually be run by the community. If we happen to run the infra |
| 28 |
on central stuff it isn't as much of a problem if all the data is |
| 29 |
published/etc so that anybody can just fork the whole thing. If this |
| 30 |
is done before any lawsuits/etc happen then there is no way to stop |
| 31 |
it. In an ideal world there would be a wiki page on how to roll your |
| 32 |
own Gentoo infra. |
| 33 |
|
| 34 |
I don't want to sidetrack the thread further. I just think that |
| 35 |
focusing more on the bazaar might work out long-term better than |
| 36 |
building a better cathedral, since we aren't Redhat. |
| 37 |
|
| 38 |
-- |
| 39 |
Rich |
Archives