1 |
On Thu, Sep 6, 2018 at 12:14 PM M. J. Everitt <m.j.everitt@×××.org> wrote: |
2 |
> |
3 |
> That's not how I understand LDAP .. I believe there is not only build-in |
4 |
> replication but redundancy too, so that, for instance, with logon |
5 |
> authorisation, you're not dependent on one single host .. that would be |
6 |
> a b1tch if it went down and thousands of users got locked out .. surely?! |
7 |
> And yes, as far as I know, there is a security mechanism built-in so any |
8 |
> Tom, Dick or Harry can't get the data without the relevant keys ... |
9 |
|
10 |
It is centralized in the sense that you're trusting a central |
11 |
authority to maintain it. It was just an example of the sort of |
12 |
service that isn't easy to decentralize (PKI problem in general), much |
13 |
like a lot of the tree-signing discussions, but at least those have |
14 |
the advantage of sitting on git which is by itself easy to |
15 |
decentralize. |
16 |
|
17 |
And this isn't intended as some kind of Gentoo-politics stance. One |
18 |
issue with having one legal entity own all our stuff is that we don't |
19 |
control the law. If somebody sues Gentoo and wins, they could be |
20 |
awarded all our infra, and that would be pretty painful to recover |
21 |
from right now. Maybe the infra team is legally bound by |
22 |
confidentiality to "Gentoo" (aka SCO or whoever sued us) so they can't |
23 |
even replicate the data on new servers. |
24 |
|
25 |
It isn't an easy thing, and I'm not suggesting holding other things |
26 |
up, but I think in general a community-based org is better off if it |
27 |
can actually be run by the community. If we happen to run the infra |
28 |
on central stuff it isn't as much of a problem if all the data is |
29 |
published/etc so that anybody can just fork the whole thing. If this |
30 |
is done before any lawsuits/etc happen then there is no way to stop |
31 |
it. In an ideal world there would be a wiki page on how to roll your |
32 |
own Gentoo infra. |
33 |
|
34 |
I don't want to sidetrack the thread further. I just think that |
35 |
focusing more on the bazaar might work out long-term better than |
36 |
building a better cathedral, since we aren't Redhat. |
37 |
|
38 |
-- |
39 |
Rich |