Re: incoming SSH restriction for *.debian.org
On 13/11/2018 09:09, Peter Palfrader wrote:
On Tue, 13 Nov 2018, Wouter Verhelst wrote:
I support this, but it would make uploading video content from debconf
to vittoria.d.o rather complicated and slow (we do rsync-over-SSH to
backup the raw recordings after debconf, which for a full debconf
usually racks up to about a terabyte; doing that via a jumphost seems
like a bad idea).
Can an exception be made for vittoria? If not, can this be done on a
case-by-case basis for the events where we would like to upload
something from? This would also include miniconfs etc.
I think we'd prefer case-by-case, short-term exceptions rather than a
blanket whitelist of ::/0 for vittoria.
In the case of debconf & miniconf's is opening ports something that we
can automate, such that for example we request port, destination(s)
and provide a from subnet and a time period for the ports to be open
(3 weeks would appear to be a maximum time frame)?
If so is this something that we as the video team can use on a
self-service basis or would we need to raise a request each time?