[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security incident on Alioth and other Alioth news

On Thu, 07 Sep 2006, Raphael Hertzog wrote:
> On Wed, 06 Sep 2006, Henrique de Moraes Holschuh wrote:
> > On Wed, 06 Sep 2006, Raphael Hertzog wrote:
> > > Running svn/bzr/arch/git on a separate machine adds very little security
> > > since all the accounts of costa are copies of the accounts on alioth. And
> > 
> > Time to fix that, then.
> [...]
> > Just remove all password-based shell access, make it key-based only.
> Please stop giving me orders.

I am not ordering anyone to do anything.  Sorry if it sounded like this, but
on the other hand, I did not appreciate your sarcastic reply either, which
is why I used a tongue-in-cheek tone.

> We're open to suggestion, we're open for discussion, we're open for help
> too. Alioth/Gforge has an integrated SSH key handling mechanism and we
> could indeed remove the password based login (even if we keep everything
> on a single host).

Well, what could I help you with that would allow Alioth to drop password

> Are you volunteering to help us on a daily basis or are you only giving
> orders to your fellow ?

Sure I can help.  Please point me and other volunteers to where we can find
a task list, and how do we coordinate with you guys.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: