On Wed, 06 Sep 2006, Henrique de Moraes Holschuh wrote:
> On Wed, 06 Sep 2006, Raphael Hertzog wrote:
> > Running svn/bzr/arch/git on a separate machine adds very little security
> > since all the accounts of costa are copies of the accounts on alioth. And
>
> Time to fix that, then.
[...]
> Just remove all password-based shell access, make it key-based only.

Please stop giving me orders. I've spent a whole day handling this security issue, I've already spent many nights preparing the move to the new Alioth.

We're improving the security and we're way better than a few months ago, so I don't need someone to lecture me about security.

We're open to suggestion, we're open for discussion, we're open for help too. Alioth/Gforge has an integrated SSH key handling mechanism and we could indeed remove the password-based login (even if we keep everything on a single host).

> However, getting more rights is just a matter of waiting for the next kernel
> exploit (just like the attacker did in the last @d.o compromise before
> Alioth). Unless Alioth updates kernels now on a very narrow time window,
> that even our security team is not capable of meeting?

It's not only about time to update the kernel. In the last root compromise, the hole was present for quite a long time and it was fixed for quite a long time, it's just that nobody knew how severe the hole was and that it was effectively exploitable.

> Well, maybe it is time to consider improving the security setup instead of
> making it worse...

Are you volunteering to help us on a daily basis or are you only giving orders to your fellow?

BTW, please read http://lists.debian.org/debian-project/2006/09/msg00058.html and understand that we're improving the situation on many fronts. But it's not a one day job and we can't "just do it".

Cheers,
-- 
Raphaël Hertzog

First French book on Debian GNU/Linux:
http://www.ouaza.com/livre/admin-debian/