Re: incoming SSH restriction for *.debian.org

[Andy Simpkins <rattusrattus@debian.org>]

On 13/11/2018 09:09, Peter Palfrader wrote:
> On Tue, 13 Nov 2018, Wouter Verhelst wrote:
>
> > I support this, but it would make uploading video content from debconf
> > to vittoria.d.o rather complicated and slow (we do rsync-over-SSH to
> > backup the raw recordings after debconf, which for a full debconf
> > usually racks up to about a terabyte; doing that via a jumphost seems
> > like a bad idea).
> >
> > Can an exception be made for vittoria? If not, can this be done on a
> > case-by-case basis for the events where we would like to upload
> > something from? This would also include miniconfs etc.
> I think we'd prefer case-by-case, short-term exceptions rather than a
> blanket whitelist of ::/0 for vittoria.


In the case of debconf & miniconf's is opening ports something that we
can automate, such that for example we request port, destination(s)
and provide a from subnet and a time period for the ports to be open
(3 weeks would appear to be a maximum time frame)?

If so is this something that we as the video team can use on a
self-service basis or would we need to raise a request each time?

/Andy