Re: Services I'd like from auric

To: debian-devel@lists.debian.org
Subject: Re: Services I'd like from auric
From: Branden Robinson <branden@debian.org>
Date: Tue, 13 Jan 2004 13:21:00 -0500
Message-id: <[🔎] 20040113182059.GH26290@deadbeast.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20040110111111.GB26045@riva.ucam.org>
References: <20031222033256.GB32656@cloud.net.au> <20031222041849.GG13333@azure.humbug.org.au> <20031222082003.GF13832@grep.be> <20031222102134.GA20159@azure.humbug.org.au> <20031230205709.GF11133@deadbeast.net> <20031231033003.GE24000@riva.ucam.org> <[🔎] 20040101213656.GL1765@deadbeast.net> <[🔎] 20040101214450.GF14688@riva.ucam.org> <[🔎] 20040109191453.GB8318@deadbeast.net> <[🔎] 20040110111111.GB26045@riva.ucam.org>

On Sat, Jan 10, 2004 at 11:11:11AM +0000, Colin Watson wrote:
> On Fri, Jan 09, 2004 at 02:14:53PM -0500, Branden Robinson wrote:
> > > > > On Tue, Dec 30, 2003 at 03:57:09PM -0500, Branden Robinson wrote:
> > > > > > Do we still have cron jobs running stuff out of people's
> > > > > > home directories?  If so, shouldn't they be changed to
> > > > > > execute out of the publicly accessible directories, or,
> > > > > > better yet, the requisite stuff actually checked into CVS?
[...]
> > I wasn't talking about just the testing scripts.  I was talking
> > about all administrative cron jobs of any nature running out of
> > people's home directories.
> 
> Oh, I see. Er, probably "yes", then, but I'm not sure that my saying
> that helps you any. :)
[...]
> There's often a rather blurred boundary between "stuff I'm experimenting
> with" and "part of a service", and most code that's part of a debian.org
> service crosses that boundary at some point in its life.
[...]
> I guess what I'm saying is that yes, I want administrative cron jobs to
> live in shared directories, be writable by the relevant group, be
> checked into CVS, and so on; but I don't think it's always practical to
> set a hard-and-fast rule to that effect for evolving services. We just
> have to handle it on a case-by-case basis.

Sure.  The tricky part is that not very many people can evaluate these
cases on a case-by-case basis with logins to auric restricted.  In fact,
if it's locked down very tightly -- which appears to be the goal and
intent for security purposes -- there may not *be* anyone in a position
to review this sort of code.  Leaving the author as the sole arbiter of
this transition to production use misses the point, and other people
with accounts on auric are going to be busy types with lots of
responsibilities, not the sort of "poke around and see how it really
works" folks from which we recruit our new administrative blood.

Do you have a practical proposal for handling this situation on a
case-by-case basis.  If not, how is that distinguishable from not
dealing with my question at all?

-- 
G. Branden Robinson                |      To stay young requires unceasing
Debian GNU/Linux                   |      cultivation of the ability to
branden@debian.org                 |      unlearn old falsehoods.
http://people.debian.org/~branden/ |      -- Robert Heinlein

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: Services I'd like from auric
  - From: Branden Robinson <branden@debian.org>
- Re: Services I'd like from auric
  - From: Colin Watson <cjwatson@debian.org>
- Re: Services I'd like from auric
  - From: Branden Robinson <branden@debian.org>
- Re: Services I'd like from auric
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Top 5 things that aren't in Debian but should be :-)
Next by Date: Re: String freeze (was Re: Debian Debconf Translation: Compromise)
Previous by thread: Re: Services I'd like from auric
Next by thread: Re: Build-Depends-Indep: debhelper, utilizing it in debian/rules clean
Index(es):
- Date
- Thread