[Bug 621236] Remove firewalling of fixed.gnome.org:9070

["sysadmin" (bugzilla.gnome.org) <bugzilla gnome org>]

https://bugzilla.gnome.org/show_bug.cgi?id=621236
  sysadmin | Other | unspecified

Alejandro Piñeiro Iglesias <apinheiro> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |apinheiro igalia com

--- Comment #3 from Alejandro Piñeiro Iglesias <apinheiro igalia com> 2010-12-02 11:41:09 UTC ---
(In reply to comment #2)
> What are the implications of globally opening this port on the host firewall?
> Is there any application-level restrictions that can be put in place (ie; you
> can limit the build slaves at the application, and don't need to rely on us to
> update iptables)?
> 
> What other security concerns might we face by globally allowing this port? Can
> anyone attach a build server to this port? What consequences would this have?

No, not anyone can attach a build slave. In order to attach a new build slave
you need a login and a password. The list of allowed build slaves are saved as
part of the configuration of the master installed at RHEL5. The idea is that
the build brigade maintainers (AFAIK: Olav, Frederic, Iago an me) would give a
login and password to any allowed slave. But as the description says, due this
firewall rule, it is also required to ask sysadmin to include the new IP.

> If you could give me a better idea of how the build master/slave process works
> I (we) can better determine the possibility of this request.

CCing myself in order to try to answer any other question.

More information here: http://live.gnome.org/BuildBrigade/DocsAndGuides

-- 
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.