
Re: Services I'd like from auric

On Fri, Dec 19, 2003 at 12:23:42AM +0100, Josip Rodin wrote:
> On Thu, Dec 18, 2003 at 10:34:21PM +0100, Martin Loschwitz wrote:
> > I understand the ongoing efforts to make the Debian development boxes
> > more secure and I appreciate them as they will probably help to save
> > our users better from security issues related to the Debian machines.
> > However, I think that we should not burden our own work that hard in 
> > the name of security. 
> You've made a decent post, but it seems to me that the reasons are all
> reasonably unimportant and don't really "burden our own work".

Whether they're important or not really depends on your point of view and
on your needs. I am about to start a new project related to Debian and not
having the possibility of dak comparing configuration files on auric to 
mine will put _significant_ difficulties on my work (besides the fact that
right now you cannot even get dak without access to auric as it has not
been re-integrated into cvs.d.o. yet.)

There is yet another point that, while not bringing up new arguments on the 
technical side, yet brings up another point of view: Restricting the access 
to auric on the long term is a clear vote of no confidence against any Debian 
developer with an account in LDAP DB -- even against those who _take_ care 
of security and who make lots of effort to avoid giving a chance to attackers
(like not logging in from anywhere else than from a surely trusted place,
not using passwords but SSH-Keys stored on encrypted USB memory sticks ...)

> Note that I just noticed that I can no longer see the log of the mirror
> push (which is useful when one is handling mirrors@d.o stuff, being able
> to pinpoint a small amount of problems), but I don't see much reason to
> protest because they were of limited use to me anyway (a comparable amount
> of problems witnessed in the logs couldn't be fixed solely by myself).

Well, if your example is one where having access to auric is not necessary
in any case, that's just fine. However, you need to understand (and accept)
that for others information from auric may be essential in order to get the
tasks done they got done so far.

> -- 
>      2. That which causes joy or happiness.

  .''`.   Martin Loschwitz           Debian GNU/Linux developer
 : :'  :  madkiss@madkiss.org        madkiss@debian.org
 `. `'`   http://www.madkiss.org/    people.debian.org/~madkiss/
   `-     Use Debian GNU/Linux 3.0!  See http://www.debian.org/
