Re: incoming SSH restriction for *.debian.org
On Tue, Nov 13, 2018 at 09:09:44AM +0000, Peter Palfrader wrote:
> I think we'd prefer case-by-case, short-term exceptions rather than a
> blanket whitelist of ::/0 for vittoria.
Yeah, I thought you were going to say that :) it's fair enough.
Please be aware though that this may sometimes need to be fairly short
notice; especially miniconfs are sometimes hosted in a somewhat less
formal setting than a full debconf, on a residential Internet connection
where we don't know what the IP address will be until we're there, and
where it may change halfway through (in the worst case). We usually
manage to not bother you with it much by rsyncing the raw files to
vittoria and running the transcode(s) there rather than on-site like we
do for a full debconf[1], but in this context that might change.
That said, if you create a self-service interface in some way (like Andy
suggested), this might become easier, of course.
[1] which currently requires that you open a port for PostgreSQL on
vittoria, at least until I get around to implementing database
updates over HTTPS in SReview in some secure way; while that's all
planned, currently other things have priority.
--
To the thief who stole my anti-depressants: I hope you're happy
-- seen somewhere on the Internet on a photo of a billboard
Reply to: