Re: RFC: Securing maintainer uploads to master.gnome.org

[Olav Vitters <olav vitters nl>]

On Thu, Nov 10, 2011 at 07:47:26PM -0500, Tristan Van Berkom wrote:
>    I think it's nice that currently we can upload win32 and osx builds of gnome
> modules/apps and have them available on gnome servers, if we take away
> shell access then perhaps the install-module/ftpadmin script should be
> enhanced to allow this (afaik the only way currently is to manually place
> a file somewhere on master.gnome.org).

Any pointers on what you need? It should be enhanced, yes. Ftpadmin
takes a file and then based on the filename it figures out where to
store it. For binary stuff, I think we should agree on the way the files
are named. This so ftpadmin can figure out where to store it on
'ftp.gnome.org'.

If possible, I want to first get rid of the majority of the shell
accounts and still allow the old way. Then whomever complains gets a
shell, but then I'll work to remove the shell again ;)

> Other than that I think the only interaction I ever needed with master.gnome.org
> was to hook the autogeneration of glade.gnome.org website to a git commit
> hook or such (and it probably shouldn't have been me doing that anyway...).

This I don't get. Master.gnome.org is just to release tarballs. If you
need a post-commit git rule, just file a bug with
https://bugzilla.gnome.org/browse.cgi?product=sysadmin. If
glade.gnome.org is on a gnome server, then it should be pretty easy to
setup (already have post-commit scripts in place; only need to run "git
config" on git.gnome.org).
-- 
Regards,
Olav