[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wanna-build vs. m68k

Bouncing to the list so ya'll can see the whole reply.

On Fri, Jul 18, 2008 at 02:33:40AM -0700, Ryan Murray wrote:
> On Tue, 8 Jul 2008 12:59:19 -0500
> Stephen R Marenka <stephen@marenka.net> wrote:
> > Please find attached the ssh keys and email addresses of the 23 current
> > m68k buildds. I hope to be able to add 4 more sometime this year.
> > 
> > May 14 or so was the last time any of the m68k porters had access to
> > buildd.debian.org. I've been maintaining our status manually since then.
> DSA disabled all ssh keys around that time due to the SSL
> vulnerability, and the attached message was sent to
> buildd-maintainers@buildd.d.o, which expands to all of the
> arch@buildd.debian.org aliases.  m68k@buildd.debian.org forwards to
> m68k-build@nocrew.org, with special exim rewriting logic so that the
> To: is always seen as m68k-build@nocrew.org  I've never seen a request
> for this to be updated.  Other archs replied to the correct address by
> May 16th at the latest, and all issues with the changes for them were
> sorted out by May 21st.
> > I've tried contacting buildd-team@b.d.o as well as other roles and
> > individual addresses regularly since then. 
> buildd-team@ is the first address I fixed from the horrible spam
> situation the address was in on my side, on May 13th, when the problem
> occurred.  I unfortunately sent the message without a reply-to: of the
> only address I had that wasn't mostly a black hole.  I received a
> message on Jun 8th, replied on Jun 9th, and got a reply on Jun 11th,
> with a followup message, and another followup on June 24th with
> additional buildds.  Unfortunately, that was the start of my ~5 weeks of
> moving disruption, combined with the final month before a release at
> $work.  I'm sorry that this timing, combined with the spam-blackhole
> nature of my email addresses (before may 13th for buildd-team, and late june for
> other @d.o addresses and @cyberhqz.com), means that the messages I've
> referred to are the only ones I've seen.
> > concrete results. I believe other m68k porters have tried similarly with 
> > the same results.
> Other than Michael Casadevall on June 23rd that you replied to on the
> 24th (the followup referred to above), there hasn't been any other mail
> from other m68k porters to the requested contact address
> buildd-team@buildd.debian.org.  I can't be sure on the other addresses
> before June 21, but there hasn't been anything since.  I believe
> someone may have opened a DSA RT ticket which subsequently got closed
> as "wrong place" by DSA.
> > I have in the past advocated that one of the m68k team be granted
> > access to update the ssh keys for buildd_m68k@b.d.o. I still think this 
> > is the best approach, but I have little faith in this being the result.
> As part of the process requires root access to update and reload apache
> config files, there isn't much hope for a non-automated form of updates
> this way.
> > We have not had an etch-m68k/stable or stable-security w-b database since 
> > etch was released. Even though we've made multiple requests.
> etch-m68k was created by one ftp-master who told the others that he
> would "do all the work" required to support it, and it was left to that.
> I've been swamped with a new startup job since the release of etch, so
> haven't had time to hack the buildd scripts to support etch-m68k/stable.
> > We've been trying for months (since Feb. 14) to update the ssh keys for
> > new buildds. The last update before that only happened after a face-to-
> > face meeting at a conference. (And even then, not all of the keys were 
> > setup correctly.)
> This has been in part to the spamful nature of several debian role
> address and over-eager adaptive anti-spam software.  It means I've
> never seen any of the requests, and they're buried in several gigs of
> spam.
> > So please, either explicitly update our keys, give one of us access, or
> > tell us you won't support us any longer. I'm rather tired of being
> I've updated the keys for buildds that already existed.  For the new
> buildds, I need either an IP address for static IP buildds, or a
> 12 character+ password via encrypted email for dynamic IPs for
> incoming.debian.org access. Security access needs a separate password
> for each buildd with access. Buildds not entirely managed by Debian
> Developers should likely not build security, as embargoed updates
> should have minimum visibility outside (and even within) the project.
> It's really the security team's call in the end on that part, tho.
> > ignored. You've spent more time deleting my emails than it takes to fix
> > the keys.
> I haven't actively deleted anything.  I'm sorry that the situation has
> lead you to believe this.
> > In the event that ya'll don't wish to support us any longer, m68k will
> > either host our own w-b database or perhaps the debian-ports folks will
> > support us. Either way, it would be nice if we could coordinate a transfer 
> > so that we don't lose any state information.
> I've heard rumours from a couple of groups that after the release of
> lenny, they are looking at changes which will mean a move from
> buildd.d.o wanna-build in any case:
> 	* ftp-master is looking at dropping from unstable archs that
> haven't made a release in 2+ releases to free up primary mirror space
> for archive growth and new archs that seem more ready to be in a
> release.
> 	* Some active DSA members feel that keeping etch m68k systems
> updated is a lot of time better spent doing many other things.  That
> situation is only getting worse from release to release.
> So, after the lenny release timeframe, m68k should look at moving all
> the infrastructure (archive/dev systems/buildds/w-b) to one place (such
> as debian-ports.org, which other archs are using as a pre- ftp-master
> staging area).
> I've attached the updated buildd_m68k authorized_keys file.  It's also
> helpful to know who is the local maintainer for each buildd, as that's
> how the current file is laid out.  Once I have the IPs/passwords for
> the commented out buildds at the bottom, I'll enable them.  Sorry again
> for taking so long to get back to you.

> AF:
> NF:0
> PS:10
> SRH:1
> SFN:
> DSR:
> MID:
> CFG:
> PT:0
> S:rmurray@cyberhqz.com
> RQ:
> SSV:mail.cyberhqz.com
> NSV:
> SSH:
> R:<buildd-maintainers@buildd.debian.org>
> MAID:3
> X-Claws-Privacy-System:pgpmime
> X-Claws-Sign:1
> SCF:#imap/rmurray@cyberhqz.com/Sent
> X-Claws-End-Special-Headers: 1
> From: Ryan Murray <rmurray@debian.org>
> To: buildd-maintainers@buildd.debian.org
> Subject: Updated ssh keys
> With the openssl vulnerability recently discovered, all buildd ssh keys
> have been disabled by DSA.  Please send updated RSA public keys to
> buildd-team@buildd.debian.org for all of your buildds to have
> wanna-build access restored.

Stephen R. Marenka     If life's not fun, you're not doing it right!

Attachment: signature.asc
Description: Digital signature

Reply to: