Re: RFC: Securing maintainer uploads to master.gnome.org

From: Alan Cox <alan lxorguk ukuu org uk>
To: Olav Vitters <olav vitters nl>
Cc: desktop-devel-list gnome org
Subject: Re: RFC: Securing maintainer uploads to master.gnome.org
Date: Thu, 10 Nov 2011 12:05:14 +0000

> If any of the 350+ has their machine compromised, someone could easily
> use that to reach shell on master.gnome.org. I don't want that to be
> possible.

If you have 350+ users with hosts and some of them were shared wth
kernel.org in the past I'd suggest "When" or "Probably" not "If"

>    a. rsync might be annoying / unreliable
>    b. don't think you can delete easily with rsync
>    c. more annoying than e.g. sftp or scp

Talk to H Peter Anvin about the new kernel.org tools, they may do what
you need as well. <hpa zytor com>. In particular it tries to be smart
about signature handling.

Alan

Follow-Ups:
- Re: RFC: Securing maintainer uploads to master.gnome.org
  - From: Olav Vitters

References:
- RFC: Securing maintainer uploads to master.gnome.org
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]