[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ftp-master moved to newraff

On Tue, Jan 27, 2004 at 05:54:02PM +0000, James Troup wrote:
> ftp-master has moved to newraff.
> Sorry for the lack of notice.  Although migrating ftp-master to a more
> powerful and better connected machine was always a long term plan, it
> recently became much more immediately necessary.

Can someone elaborate on that, please?

> Tomorrow I'll unrestrict auric.

Are there any special functions auric is to serve now?

> With regards to newraff, I plan to leave that restricted for now.  I
> was serious about setting up a mirror and have been working on it (you
> can see an out-of-date copy on merkel).  And once that's in place, we
> can perhaps have a more meaningful discussion about the merits of
> restriction.

Does that mean the restriction will be more meritorious after a mirror
is set up than it is now?  :)

> newraff is, like spohr, a HP DL380 [Dual P4 2.8Ghz HT Xeon, 6Gb RAM,
> 6x147GB RAID 5 SCSI].  Many thanks to HP for donating it and Above.Net
> for hosting it.
> Also many thanks to both Visi.net and Sun Microsystems for hosting
> and donating auric respectively.

Hear, hear.

I do wonder, however, if it is wise for all of our critical project
infrastructure to be running on the same machine architecture.  Didn't
the fact that ftp-master was not an i386 box potentially save our bacon
from a truly dreadful Trojan attack last November[1]?

Or is the situation that, while hardware diversification among our
infrastructural hosts would be good, we simply don't have sufficiently
beefy hardware of various other architectures to implement it?

Thanks for the update!

[1] N.B., I don't posit that those who exploited our machines had the
time or know-how to have perpetrated a malicious compromise of our
master archive, such that Trojaned packages could have been inserted
into our mirror network from the hub.  However, there *do* exist people
who would have such knowledge were they to gain such privileges on
ftp-master, and we cannot assume that all such people would not behave
maliciously, given the opportunity.

G. Branden Robinson                |    The basic test of freedom is
Debian GNU/Linux                   |    perhaps less in what we are free to
branden@debian.org                 |    do than in what we are free not to
http://people.debian.org/~branden/ |    do.                  -- Eric Hoffer

Attachment: signature.asc
Description: Digital signature

Reply to: