Re: hardware for anoncvs

From: Jonathan Blandford <jrb redhat com>
To: James Henstridge <james jamesh id au>
Cc: gnome-infrastructure gnome org, GNOME Board <board gnome org>
Subject: Re: hardware for anoncvs
Date: 03 Aug 2005 01:15:05 -0400

James Henstridge <james jamesh id au> writes:

> Jonathan Blandford wrote:
> 
> >I missed this -- do we actually need hardware for anoncvs?  I'm
> >wondering if we can just turn on pserver on container or widget.  When
> >we first set up anoncvs, we had pretty poor bandwidth to the gnome.org
> >machines and canvas was underpowered.  Things have changed -- we have
> >more than enough bandwidth and machine power now.
> >
> >Tomas, do you have any idea of how much anoncvs traffic we get?  Given
> >that container is pretty underutilized, should we look into doing this?
> >It would have the added advantage of being current, and not lagged.  We
> >could also do it on window, which has a read-only mounting of
> >/cvs/gnome, which would make me feel a bit better about it.
> >  
> >
> If you do turn on pserver, you might want to look at the patches that
> are being used on freedesktop.org so that the cvs pserver runs
> completely unprivileged (it essentially forces the '-R' option).
> 
> This makes sure that anonymous sessions can never leave stale locks
> around and limits the possible damage when the next CVS vulnerability is
> discovered.

Oh nice!  I would also love to update container to RHEL4 and set up an
selinux security context here, though that's not going to happen for a
little bit.  I'll try to track those patches down, though, and give them
a look.

We should get this going sooner rather than later.

Thanks,
-Jonathan

Follow-Ups:
- Re: hardware for anoncvs
  - From: Luis Villa

References:
- Re: hardware for anoncvs
  - From: James Henstridge

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]