On Fri, Dec 19, 2003 at 02:15:33PM +0100, Martin Loschwitz wrote:
> There is yet another point that, while not bringing up new arguments on the
> technical side, yet brings up another point of view: Restricting the access
> to auric on the long term is a clear vote of no confidence against any Debian
> developer with an account in LDAP DB -- even against those who _take_ care
> of security and who do lots of efforts to avoid giving a chance to attackers
> (like not logging in from anywhere else than from a surely trusted place,
> not using passwords but SSH-Keys stored on encrypted USB memory sticks ...)

It is a standard mitigation strategy: don't give access to sensitive resources to people who don't need that access. This is a vote of no confidence in the claim that *ALL* developers with accounts in LDAP will follow the desired security procedures (it only takes one who doesn't to have a compromise), and it's a (wise) vote of no confidence by the admins in their *own* ability to usefully distinguish those who would follow the security procedures from those who won't. It's reasonable to assume that, if one is a DD, *someone* believed they had a brain on their shoulders; but multiplying the odds of this not being true by 1000 developers, and exposing ftp-master to these odds, is not inherently desirable.

That said, I think the impact of closing access to auric has been consistently understated because the effects of such access on the project's efficiency are both subtle and diffuse. Above all, access empowers developers to find their own answers and seek their own understanding, which isn't something to be traded away lightly. There have been plenty of assurances that everything on auric can be made available elsewhere through mirroring, but it seems to me that there are many other higher priority services to be restored before anyone is likely to worry about mirroring the archive engine.

Locking down auric is a reasonable long-term strategy, but the short-term impact of locking it down *before* mirroring has been implemented is that the only people who can even work on the implementation are the people who are already the most burdened following the compromise; and that the only people who can get certain kinds of information to the masses are people that I'm (personally) reluctant to bother because they have other responsibilities to attend. How big a deal this becomes is really a function of how short-term it is; but as a natural skeptic, I worry that it won't be as short-term as people intend.

-- 
Steve Langasek
postmodern programmer