Re: transfering files between *.debian.org hosts

[Russ Allbery <rra@debian.org>]

Bastian Blank <waldi@debian.org> writes:
> On Sat, Aug 30, 2008 at 02:32:08PM +0200, Peter Palfrader wrote:

>>         - AFS suffers from the not-a-filesystem syndrome: file access
>>           control is not unix-like and will confuse users.
>
> Also other parts are not really POSIX-like. Hardlinks or so.

The three main things that are weird are no hardlinks between directories,
directory ACLs rather than file permissions (the group and other mode bits
are basically ignored; the directory ACLs are all that matter), and you
can mount any AFS volume as a directory under any other AFS volume, so you
can get circular file systems.

>>         - might cause problems with existing firewalls.
>
>           - The needed kernel module still uses rootkit-like behaviour.

If you mean the system call table modification, this is now strictly
optional and AFS works fine without it.  It uses keyrings instead of
supplemental groups.  The supplemental group behavior is preserved where
possible for backward compatibility, but the keyring (which was designed
specifically for this sort of thing) is now the canonical repository for
the PAG.

A bigger problem at the kernel level is that the kernel APIs change
constantly and have not infrequently had various GPL-only tags added that
force OpenAFS into annoying workarounds (it is released under the IBM
Public License, another DFSG-free license that isn't quite
GPL-compatible).  However, for systems that run stable, the corresponding
stable release of OpenAFS should continue to work fine.  This mostly is a
problem if one runs a backported kernel, in which case you'll need a
backported OpenAFS as well.

I'd certainly be happy to answer questions and help with AFS setup as I
have time.  I'd love to have a Debian OpenAFS cell.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>