Re: people.debian.org to move to ravel

To: debian-devel@lists.debian.org
Cc: Peter Palfrader <weasel@debian.org>
Subject: Re: people.debian.org to move to ravel
From: Steve Langasek <vorlon@debian.org>
Date: Thu, 28 Aug 2008 18:51:20 -0700
Message-id: <[🔎] 20080829015120.GA22720@dario.dodds.net>
Mail-followup-to: debian-devel@lists.debian.org, Peter Palfrader <weasel@debian.org>
In-reply-to: <[🔎] 20080828193141.GK9633@anguilla.noreply.org>
References: <20080827120031.GA32039@intrepid.palfrader.org> <[🔎] 20080828071223.GC7061@dario.dodds.net> <[🔎] 20080828193141.GK9633@anguilla.noreply.org>

On Thu, Aug 28, 2008 at 09:31:41PM +0200, Peter Palfrader wrote:
> On Thu, 28 Aug 2008, Steve Langasek wrote:

> > One of the services running on gluck is lintian.debian.org, which until now
> > has been available for all developers to use in doing archive-wide scans.
> > Is this service no longer going to be available to developers at large?

> Unknown.  We have not talked to the lintian folks yet on what we are
> going to do with lintian.d.o, if in fact we do anything at all.

> The first step is to get people.d.o out from the HP network because they
> really don't want us shipping software from their place.

Right, I'm aware of that constraint.  Might it be possible to satisfy this
requirement while still allowing developer access to the machine, though,
and just disabling UserDir support?  That would leave the lintian lab
available while eliminating the software distribution...

> > I generally avoid using password authentication to Debian hosts, *except* in
> > the particular case of scp'ing files from one Debian host to another because
> > I don't have a key that I'm willing to do authentication forwarding on to
> > Debian hosts, nor do I particularly want to use up my home bandwidth copying
> > files up and down to move them between two remote hosts.  I would appreciate
> > not having this use case impaired by policy changes of unclear origin.

> I think it's pretty obvious why this policy change is something that
> should have been done long ago.  That being said we are evaluating means
> that will allow simple file transfers.

Well, as noted it's not an unqualified win for security, so it's helpful to
have the reasoning made explicit.  It does protect users from having their
passwords sniffed on login in the event of a compromise, but it doesn't
prevent their ssh authentication forwarding (if any) from being used to
compromise other hosts in the same way that password sniffing could.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek@ubuntu.com                                     vorlon@debian.org

Reply to:

References:
- Re: people.debian.org to move to ravel
  - From: Steve Langasek <vorlon@debian.org>
- Re: people.debian.org to move to ravel
  - From: Peter Palfrader <weasel@debian.org>

Prev by Date: Re: What should be on a rescue CD ? (was Re: Debian Live Lenny Beta1)
Next by Date: Bug#496991: ITP: box2d -- 2D physics engine for games
Previous by thread: Re: people.debian.org to move to ravel
Next by thread: transfering files between *.debian.org hosts (was: people.debian.org to move to ravel)
Index(es):
- Date
- Thread