Re: dsa meeting minutes
On Tue, 21 Jul 2009, Peter Palfrader wrote:
> (again, internal work notes)
>
> dsa 20090720
>
> - get rid of sarti hosted at rapidswitch (weasel talks to philh)
> - mirror planet to a different machine so we can reboot things
> more easily (mirroradm/Ganneff)
> - setup manpages.debian.net
> - maybe integrate into packages.d.o or maybe lintian.
> Ganneff talks to djpig
> - source.d.o on stabile (zobel+dsa - noel)
> - data.d.o pending on new ftp-master. zobel/luca/taggart/HP
> - backup.d.o (bartok running out of warranty/disk space)
> possible hosters/people to talk to
> maybe use one of the nordicgaming dl360s
> - cd-builder.d.o. bzed - tk. we think status is that
> cd folks basically just need to say when they want the
> machine and we can get one. hosted at maswan
> - security/synproxy.as - talk to Andrew Lee (zobel, sgran). done.
> - bugs frontend MX - don+weasel will maybe look at that during
> debconf/camp
> - alioth - to a blade @ luca
> - move root auth keys into puppet
> - rotate all passwords (weasel)
> - setup host based firewalls. move it into puppet/some centralized
> thing. merge different hosts' config into one. sgran+Ganneff.
> - verdi: - shut down all remainging service processes, (sgran)
> - dd disks
> - powerdown
> - have andi pick up old hw
> - experimental - it should move into d.o w-b and onto d.o buildds
> (that's something for wbadm to push)
> - raff will go away for a couple of days whenever ftc moves to houston
> wb probably should move away from raff before that happens so it's
> available during that time. kvm on dijkstra. zobel->luk/philk
> - we should have all buildds to debian.org.
> needs to be pushed by wbadm. dsa can take over and help. maybe
> some hosts need to be moved to more acceptable hosting
> - kfreebsd porter host (weasel)
> - get rid of spontini because it's slow. zobel/sgran
> - need a ud-ldap talk / discussion
> - pergolesi is back, still no eric access
ud-ldap
- move host related DNS records into ldap - A, AAAA, MX, HINFO, that
kind of stuff
- auto generate sshdist's authorized_keys from ldap
- move the information contained in generate.conf into ldap
- make ud-* tools log, i.e. create an audit log
- move echelon away from ud-ldap/ldap - DAM/Ganneff
- move ud-* functionality into a library, so that the logic is
contained in a single place, to be used to by the ud-*
shell tools and a web interface and stuff.
sgran/zack
- ud-generate should probably create a new directory to write
out its stuff so we do not carry around old crap for forever.
- ud-generate/ud-replicate should do sane locking
- partial exports to hosts
- rename db into db-master,
- make db-master's ldap accessible only from localhost and a couple
of d.o machines (say master, people)
- make a new db that is a replica of db-master,
publicly accessible
- fingerd moves to the public db.
(for dsa talk/open discussion: is anybody using ldap directly,
what for, etc)
puppet
- nsswitch.conf
- sshd_config
- environments for testing stuff
mail
- all buildds/porterboxes to move to hub layout
- maybe masquerate all outgoing @hostname.d.o mail as
@d.o.
- in any case, stop doing local mail@hostname.debian.org mail for all
hosts except for master.d.o - should unconditionally go
to ldap forward address - no .forward/.procmail stuff
- split debian.org from master.debian.org mail handling
- abuse/postmaster at virtual domains should always go
to DSA (in addition to the team if they configured it
in their aliases)
(for dsa talk/open discussion: what kind of granularity do we need
for the anti spam stuff? Do most people really want to set their
own blacklists or should we just make it a boolean. Some people
will always bitch, try to do it right for most and do not get
carried away by a few loud complainers)
hosting
- paravoid will ask if he can take the bladecenter
he might also provide storage
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
Reply to: