On Tuesday 29 January 2013 at 11:52, "Tom Hacohen" wrote:
> On 29/01/13 10:15, Bertrand Jacquin wrote:
> > Hi,
> >
> > On e5 you (devs) will get access to some VMs using SSH on multiple
> > resources:
> >
> >   - SVN (for the moment)
> >   - GIT
> >   - buildbots (linux, bsd, osx ...)
> >   - sandboxes to play with, build your own stuff
> >   - future needs ...
> >
> > At the moment we have different solutions to let you access all
> > these VMs:
> >
> >   - Using multiple TCP port, one for each VM.
> >
> >   - Forcing client to use a special SSH client configuration option in
> >     ~/.ssh/config so you will be bumped by the main e5 router / load
> >      balancer to the right destination automatically.
> >
> >      Host *.enlightenment.org
> >        ForwardAgent yes
> >
> > I am more enthusiastic to use the second solution as it avoids using
> > ugly URLs and the second will need only one modification at the client
> > side.
> >
> > Thanks for your reply and for what you see as the more usable for every
> > day.
> 
> Wow Beber, that's just misleading and one sided it's amazing.
> 
> First of all, you can set the specific port per machine in the ssh 
> config, so it's really the same when it comes to convenience in that regard.
> Important to mention is that when you'd want to connect to a specific 
> host with agent forwarding you'd have to do:
> "ssh t...@e5v.enlightenment.org ssh tasn@e5-phabricator1"
> Yes, you'll have to remember internal hostnames and type everything 
> twice. This obviously won't work nicely with scp, rsync and every other 
> thing you might need when you interact with those servers.

Yes, it does work nicely; just read the manual.

Yes, using one login for one destination can cause insecure access while
the socket is owned (rwx) only by the login user while output TCP streams are
rejected by firewall rules (but this one is not a reason, I agree), and
that socket can be used to bump as root on another VM, but this is mainly
due to using one login for every developer, needed for gitolite. In my
point of view it's a wrong gitolite design.

But I'm OK to use multiple ports if many people agree; I'm not closed to
this as THIS IS A PROBE.

> Using ports on the other hand means you *don't have to* set the config 
> when using such services, and more importantly, ForwardAgent is 
> insecure. It essentially means whoever owns e.org owns everyone's 
> access, which is *bad*. I don't want e.org to be able to use my 
> credentials to log in to my personal server. The implications are just 
> awful.

This is a probe! You cannot be everybody's point of view when it touches
every developer. I'm not telling which one is the right solution, that's a
probe!

> Also, it's not true that the second modification only requires one 
> modification at the client side. The second modification also requires 
> syncing access from all the servers to the main one, which is especially 
> annoying in the case of gitolite. Also, this means giving everyone 
> access to e5v, another thing we don't want.

This is a gitolite effect that does not want to play with the sticky bit.

> The second approach is flawed in so many ways it's just amazing. We 
> already talked about it in length, and I'm very disappointed to see you 
> just decided to send this one sided mail.

It's not one sided. I sent a mail to you that I wanted to probe
developers. I expressed both solutions I have in mind and gave my point
of view.

We decided to have the fewest modifications for users, I'm completely OK
with that.

I'm really tired of discussing things when people on the other side try to
use fast and crap solutions just because you want it online without
thinking about the global solution, not only part by part.

You are free to tell me that you
handle/care for all the things that remain on the todo list and you don't
need me. I'm completely OK with that. Really. You have a hand everywhere.
In short, I can gladly retire myself.

I always replied with technical solutions to our issues and you are
always telling me that I'm not listening while it's not the case as I
just want to discuss things for a global approach.

I don't want to do my mourner so I stop there but you know what I'm
thinking.

-- 
Beber

_______________________________________________
enlightenment-devel mailing list
enlightenment-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
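
An added example, not part of the original thread: a Python audit of an OpenSSH client configuration that reports which `Host` blocks turn on `ForwardAgent`, the setting debated above, and marks wildcard blocks such as `Host *.enlightenment.org` because they forward the agent to every matching host. The sample config, port 2201 and the `high`/`review` labels are constructed for illustration.

```python
import re

# Constructed sample: the wildcard block quoted in the thread, plus a
# hypothetical per-host entry (the alias layout and port 2201 are made up).
SAMPLE_CONFIG = """\
Host *.enlightenment.org
  ForwardAgent yes

Host e5-phabricator1
  HostName e5v.enlightenment.org
  Port 2201
  ForwardAgent no
"""

# ssh_config accepts both "Keyword value" and "Keyword=value".
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")

def parse_host_blocks(text):
    """Return [(patterns, options)]; options set before any Host line
    apply to all hosts and are reported under "*". Match is not evaluated."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:  # blank lines and "#" comments do not match
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key in ("host", "match"):
            pats = value.split() if key == "host" else ["<match %s>" % value]
            blocks.append((pats, {}))
        else:
            # The first value obtained for a keyword is the one ssh uses.
            blocks[-1][1].setdefault(key, value)
    return blocks

def audit_forward_agent(text):
    """List blocks that enable agent forwarding (any value except "no")."""
    findings = []
    for patterns, opts in parse_host_blocks(text):
        value = opts.get("forwardagent", "no").strip('"')
        if value.lower() == "no":
            continue
        wildcard = any(c in p for p in patterns
                       if not p.startswith("!") for c in "*?")
        findings.append({"patterns": patterns, "value": value,
                         "severity": "high" if wildcard else "review"})
    return findings

if __name__ == "__main__":
    for f in audit_forward_agent(SAMPLE_CONFIG):
        print(f["severity"], " ".join(f["patterns"]), "ForwardAgent", f["value"])
```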