Re: DM vs DD and security

To: Kevin Mark <kevin.mark@verizon.net>, debian-devel@lists.debian.org
Subject: Re: DM vs DD and security
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Mon, 19 Mar 2007 15:42:01 -0600
Message-id: <[🔎] 20070319214201.GD30193@gwolf.org>
In-reply-to: <[🔎] 20070319094132.GC22650@localhost>
References: <[🔎] 20070319094132.GC22650@localhost>

Kevin Mark dijo [Mon, Mar 19, 2007 at 05:41:32AM -0400]:
> Hi,
> I was mulling over a 3-tiered Debian contributer system:
> Debian contributer(non-software contributer)
> Debian maintainer(software contributer with limited upload rights)
> Debian developer(software contributer with full upload rights)
> where a a DC and DM would not have access to debian.org machines.

Umh... I don't like that much viewing this as three tiers, three
consecutive stages you progress on as if you were progressing towards
nirvana :) And, besides, you left out the "voting rights" part, which
is quite important as well.

> I think the idea of limiting access to debian.org machines to DDs would
> be more secure than having all DC's and DM's have access. At least that
> is what I surmise. 
> 
> Then I wondered what percentage of DDs require access to debian.org
> machines? 

Umh... Looking at Marga's answer, and thinking a bit on this, maybe
the answer leads somewhere else... As she points out, we all might
need access to a @debian.org machine every now and then, to get to
some information, to update our people.debian.org information, or
whatever - Now, what about this probably over-simplified workflow?

1- Nobody has access to @d.o machines by default
2- There is a subset of @d.o machines which accept DD login
   2.1- There might even be a sub-subset which accept DM or DC
         login. Worth considering :)
3- If a DD needs access to a specific machine, (he|she|it) sends a
   GPG-signed machine-readable message requesting access to the
   specific needed machine
4- After a given time, access will be automatically revoked
   4.1- If somebody often requires access to a machine or set of
        machines, (he|she|it) can request for permanently enabled
        access

I think this would fit most of us quite nicely, and strongly help
prevent breakins like the ones we have suffered. What do you say?

Greetings,

-- 
Gunnar Wolf - gwolf@gwolf.org - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- DM vs DD and security
  - From: Kevin Mark <kevin.mark@verizon.net>

Prev by Date: Re: DM vs DD and security
Next by Date: Re: Problems packaging a kernel using cdbs
Previous by thread: Re: DM vs DD and security
Next by thread: Re: DM vs DD and security
Index(es):
- Date
- Thread