[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Switching from CVS to something else

Hi,

On Tue, Aug 21, 2007 at 06:21:24PM +0200, Martin Schulze wrote:
> Osamu Aoki wrote:
> > On Tue, Aug 21, 2007 at 09:59:37AM +0200, Martin Schulze wrote:
> > > Raphael Hertzog wrote:
> > > > - you can have control on the members of your team without the need
> > > >   to ask DSA to add or remove someone
> > > 
> > > Has this been a major problem in the past?
> > 
> > Yes to some extent for DDP.
> 
> I thought we were talking about webwml and not DDP.
> 
> (I agree that DDP has a problem, and since it doesn't have a maintainer
> like webmaster@d.o it's more difficult from my perspective, but that's
> o-t here).

OK.  

> > But in principle, GForge like system removes one bottleneck.  In
> > volunteer project such as debian, local control is better than having
> > higher level interventions, if this is done securely for well defined
> > limited scope.
> 
> I have some problems with this approach since being able to commit
> to webwml means being able to execute arbitrary code on www-master
> which is currently the same as security-master.  Thus, having only
> limited write access and a controlled way to expand this, is actually
> a feature, imho.

I agree giving right for translator to execute arbitrary code on
www-master is bad idea.  I am not suggesting to move to that direction.

My idea is roughly as following:

1. There are arbitual number of machines (can be one) which are allowed to
   create assigned section of static web page.
   (Let's call this/these machine-X)
2. Each machine updates its content as they see needed and build the web
   pages as the need.
3. There is a way to communicate with www-mater for each machine-X to 
   indicate that particular sections of web pages are updated.
4. When www-master realize updated web pages by the message, it replicate 
   that portion of web pages by the rsync etc. efficiently.
5. Once successfully replicate web pages, www-mater communicate to the
   machine-X of the successful operation.
6. Machine-X reset its data state.

The communication may be with polling by the www-master to some file on the 
machine-X with SSH key access....  maybe by auto signed mail exchange
with specific keys distributed by the www-master.

If web page is generated in this way, it is much easier to integrate DDP
or any other services which requires program execution to the mirrored
web page infrastructure without increasing the security of the
www-master as long as the resulted contents are static.


The remaining risk is someone like translator who can join project with
less security clearance can still insert malicious code in the web page
which will be executed on the client PC accessing Debian site.  This
risk is not so new though.

> > Since we have no read access to www.debian.org these days, I have no
> > idea how it is done there.
> 
> Parse error.  (or semantic error)

I mean normal read access to the file system to read the script and
configuration used there (i.e. login).  We can certainly connect to and
read the web pages.

> Regards,
> 
> 	Joey
> 
> -- 
> WARNING: Do not execute!  This call violates patent DE10108564.
> http://www.elug.de/projekte/patent-party/patente/DE10108564
> 
> wget -O patinfo-`date +"%Y%m%d"`.html http://patinfo.ffii.org/
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-www-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>
Reply to: