[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian needs more buildds. It has offers. They aren't beingaccepted.

On Thu, Feb 19, 2004 at 10:55:56AM +0100, Ingo Juergensmann wrote:
> On Thu, Feb 19, 2004 at 10:23:33AM +0100, Wouter Verhelst wrote:
> > > Well, one could argue that basically nothing has changed. The threatening was
> > > always there and always be there. And from time to time there's is and will be
> > > a compromise. Nothing changed.
> > Well, yes, there's a difference. As I pointed out previously, it makes
> > not much sense trying to implement strict access controls from a small
> > number of systems if OTOH, there's a much larger group of people for
> > which the controls aren't relevant. If, however, without the large group
> > of people, the to-be-closed-down group is sufficiently small (check),
> > well-known (check), and the result if a break-in is potentially
> > extremely harmful (check; ftp-master is, uh, ftp-master), then it
> > suddenly makes a *lot* more sense to implement such access controls.
> I don't disagree here, but the way of how this is going to be obtained is
> questionable. 

I don't see how. If you have some concern with an area that you think
could make it easier for an attacker to be able to log into
ftp-master.d.o, then take it up with James -- or, perhaps more
appropriately, debian-admin@l.d.o. I'm sure that, if your concerns are
justified, they'll be happy.

> > > You can't totally secure an open project with thousands of developers.
> > No, but you can secure a mirror archive network by restricting access to
> > its main server, which is what James is doing. That's reasonable;
> > hundreds of thousands of users depend on the integrity of our archive
> > network every day; we can't risk, not even remotely, for the archive to
> > be compromised.
> But then again you should take care of other issues. IMHO, accessing
> machines by pub keys intead of passwords makes it easier to compromise a
> larger number of machines. 

The two aren't connected. There are no thousands of users accessing
ftp-master.d.o by pubkeys anymore; only a few admins (whom, I might
hope, have their pubkeys protected by passwords) and some buildd
machines (where the buildd can only run "/usr/bin/wanna-build" on the
remote machine; everything else is not allowed by the sshd running on
ftp-master.d.o). The fact that Debian Developers can put their SSH
pubkey in the LDAP directory at db.debian.org isn't even remotely

Again, if you have a valable suggestion that could increase the security
and robustness of ftp-master.debian.org, please do communicate it to the

Wouter Verhelst
Debian GNU/Linux -- http://www.debian.org
Nederlandstalige Linux-documentatie -- http://nl.linux.org
"Stop breathing down my neck." "My breathing is merely a simulation."
"So is my neck, stop it anyway!"
  -- Voyager's EMH versus the Prometheus' EMH, stardate 51462.

Attachment: signature.asc
Description: Digital signature

Reply to: