Hi,

Following the instructions post-compromise, and even if a bit late, the DDP CVS has been checked by different members of the project [1]. The HEAD branch has been checked, and the full history of only some of the scripts. There's no indication of any suspicious change so I would like to ask, on behalf of the DDP team, for the restoration of the service.

Notice that we would just like the CVS restored to its former location, pserver access should not be enabled. Since there is a cron job at klecker which extracts the CVS and runs scripts on it (at least 'make publish') we would also like the cron job to be reenabled (if it has been stopped).

Notice the DDP data will be moved to Alioth [2] in the short or mid-term [3]. So we would also like some input in how does debian-admin that would be setup considering that more users than the former 52 will probably have access to the DDP and that brings some security concerns [4]. Some ideas have popped up in the mailing list, such as having gluck CVS be merged manually by DD from Alioth's, or setting up a Makefile-only CVS at gluck that recovers sgml data from Alioth [4]. Having the cronjob at klecker run chrooted would be sensible too.

We would need help setting up this transition though, since none of us (well, maybe Joy, but he's busy atm) can make those changes at gluck/klecker.

Regards

Javier

[1] Including osamu:
http://lists.debian.org/debian-doc/2004/debian-doc-200402/msg00003.html
and me:
http://lists.debian.org/debian-doc/2004/debian-doc-200402/msg00005.html
[2] Some things have already moved there (the manpages currently):
http://lists.debian.org/debian-doc/2004/debian-doc-200401/msg00051.html
[3] http://lists.debian.org/debian-doc/2004/debian-doc-200402/msg00008.html
[4] http://lists.debian.org/debian-doc/2004/debian-doc-200402/msg00004.html
[5] http://lists.debian.org/debian-doc/2004/debian-doc-200402/msg00021.html