Re: Debian needs more buildds. It has offers. They aren't beingaccepted.

To: Ingo Juergensmann <ij@2004.bluespice.org>
Cc: Nathanael Nerode <neroden@twcny.rr.com>, debian-devel@lists.debian.org
Subject: Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
From: Wouter Verhelst <wouter@grep.be>
Date: Thu, 19 Feb 2004 10:23:33 +0100
Message-id: <[🔎] 20040219092332.GA5154@grep.be>
In-reply-to: <53458.217.229.178.165.1077175877.squirrel@217.229.178.165>
References: <[🔎] 200402181754.30893.neroden@twcny.rr.com> <[🔎] 20040219001241.GA2313@2004.bluespice.org> <[🔎] 20040219020136.GA3755@grep.be> <53458.217.229.178.165.1077175877.squirrel@217.229.178.165>

On Thu, Feb 19, 2004 at 08:31:17AM +0100, Ingo Juergensmann wrote:
> Wouter Verhelst said:
> > There's nothing funny about that. Before the compromise -when
> 
> It's funny as in sarcastic fun.
> 
> > ftp-master.d.o was still not restricted- there was no point in trying to
> > close down SSH access, as there were a thousand developers that had
> > shell access to that machine. Closing down a simple one-command SSH
> > access, and/or HTTP access, from buildd machines in such a situation is
> > pointless; it's far easier for an attacker to compromise a Debian
> > Developer's machine than to try to break into an autobuilder machine,
> > which is generally watched upon much closer than a random developer's
> > machine.
> > In the mean time, however, that situation has changed. It is now no
> 
> Well, one could argue that basically nothing has changed. The threatening was
> always there and always be there. And from time to time there's is and will be
> a compromise. Nothing changed.

Well, yes, there's a difference. As I pointed out previously, it makes
not much sense trying to implement strict access controls from a small
number of systems if OTOH, there's a much larger group of people for
which the controls aren't relevant. If, however, without the large group
of people, the to-be-closed-down group is sufficiently small (check),
well-known (check), and the result if a break-in is potentially
extremely harmful (check; ftp-master is, uh, ftp-master), then it
suddenly makes a *lot* more sense to implement such access controls.

> You can't totally secure an open project with thousands of developers.

No, but you can secure a mirror archive network by restricting access to
its main server, which is what James is doing. That's reasonable;
hundreds of thousands of users depend on the integrity of our archive
network every day; we can't risk, not even remotely, for the archive to
be compromised.

[...]
-- 
Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
  -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
  - From: Ingo Juergensmann <ij@2004.bluespice.org>

References:
- Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
  - From: Nathanael Nerode <neroden@twcny.rr.com>
- Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
  - From: Ingo Juergensmann <ij@2004.bluespice.org>
- Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
  - From: Wouter Verhelst <wouter@grep.be>

Prev by Date: Re: Python or Perl for a Debian maintainance project?
Next by Date: Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
Previous by thread: Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
Next by thread: Re: Debian needs more buildds. It has offers. They aren't beingaccepted.
Index(es):
- Date
- Thread