Re: hardware for anoncvs

[Luis Villa <luis villa gmail com>]

<snipping board since this is not a hardware problem.>

On 03 Aug 2005 01:15:05 -0400, Jonathan Blandford <jrb redhat com> wrote:
> James Henstridge <james jamesh id au> writes:
> 
> > Jonathan Blandford wrote:
> >
> > >I missed this -- do we actually need hardware for anoncvs?  I'm
> > >wondering if we can just turn on pserver on container or widget.  When
> > >we first set up anoncvs, we had pretty poor bandwidth to the gnome.org
> > >machines and canvas was underpowered.  Things have changed -- we have
> > >more than enough bandwidth and machine power now.
> > >
> > >Tomas, do you have any idea of how much anoncvs traffic we get?  Given
> > >that container is pretty underutilized, should we look into doing this?
> > >It would have the added advantage of being current, and not lagged.  We
> > >could also do it on window, which has a read-only mounting of
> > >/cvs/gnome, which would make me feel a bit better about it.
> > >
> > >
> > If you do turn on pserver, you might want to look at the patches that
> > are being used on freedesktop.org so that the cvs pserver runs
> > completely unprivileged (it essentially forces the '-R' option).
> >
> > This makes sure that anonymous sessions can never leave stale locks
> > around and limits the possible damage when the next CVS vulnerability is
> > discovered.
> 
> Oh nice!  I would also love to update container to RHEL4 and set up an
> selinux security context here, though that's not going to happen for a
> little bit.  I'll try to track those patches down, though, and give them
> a look.
> 
> We should get this going sooner rather than later.

Any update or ETA on this? I realized this morning that many of the
tinderboxes that are suddenly springing up are running off anoncvs,
which (given the current lag) makes them much less useful, and is very
frustrating for these folks when they have to wait quite a while for a
fix they've gotten committed to go live.

Luis