August 6, 2021 7:20 AM, "Michael Niedermayer" <mich...@niedermayer.cc> wrote:
> On Wed, Aug 04, 2021 at 11:28:19PM +0100, Derek Buitenhuis wrote: > >> On 8/4/2021 11:03 PM, Michael Niedermayer wrote: >> >> * There is no public documentation on: >> * Who owns the physical infra. >> >> its all donated one way or another IIRC, >> I am a bit hesitant to post a names who provide the servers in public >> for the main server i think its all on the mailing list. Our fate >> machiene is seperate and provided and payed for by a FFmpeg developer >> Theres also a server hosting backups, that reminds me that the backups >> should be tested. That requirres a volunteer probably >> >> I don't think we need to post people's names, but we genrally do >> keep things open here, so I assumed the intent should be the same. >> Reimbursements, funds, hardware, etc. are all posted here. >> >> It does seem somewhat suspicious to me that people providing servers >> to us for free would not want others to know who they are. Maybe I am >> paranoid... > > We do credit them > src/template_footer1: <p class="text-right"><small>Hosting provided by <a > href="https://telepoint.bg">telepoint.bg</a><small></p> > > also i belive i heared somewhere that they wanted more traffic for some > peering stuff or something. This is outside my area of knowledge but it > might shift the cost of providing the server to us. > Sounds about right. Back in my networking days I heard that more traffic means that more companies willing to peer with you for free. >> * Where it is located or who hosts it. >> >> traceroute ffmpeg.org points to telepoint.bg >> >> OK. >> >> I hope the admins have a direct contact there in case of issue. > > I have one contact, i will check and see if we can get some redundant one > >> * Who has admin access and how to contact them. >> >> project server line in MAINTAINERS file, not everyone is active but even >> inactive >> ones can help in an emergency potentially >> >> I more meant: Is that list an exhaustive / complete list of who has >> access on the servers? If so, apologies. It is not clear to me if it is. >> Honestly, mostly due to it being unclea who the owners / hosters are and >> if they have access. > > I checked the list of keys and i believe ubitux, Tim Nicholson and Roberto > Togni > have access too > Tim IIRC did some work on the mail stuff longer ago but ive not heared from > him since a long time. ubitux provided a server to us for a while > There are no other keys on the main host server or main virtual one, i didnt > check the other virtual machienes > The hoster would of course have physical access > > That said, if anyone of the people having admin access currently would want > to help maintain anything like the mail stuff, iam certainly not unhappy about > that. > >> * Any way to audit admin access. >> >> What do you mean by "audit admin access" ? >> >> A way to know accessed the server and when, should anything bad happen and >> who has access - that cannot be deleted locally by someone with root. >> Especially >> on the git server. >> >> I may have made a bad assumption here if this is already in place. Apologies >> if so. >> To my knowledge, it isn't, though. > > Iam not aware of something like that being in place. > but developer git is provided by videolan. We just provide the webpage git > and mirror the ffmpeg git for public access with matching SSL certificates > which videolan would not be able to do as they have no SSL certs for > ffmpeg.org > we could also "easily" move the developer git to our server but there was no > reason to do that and "if it aint broken ..." > > That said, is there something specific you would suggest should be done/put > in place for "audit admin access" ? Maybe have a program which tells which users/IP logged in and what they did. A log file that tracks which files are being edited and opened, etc.. so if something goes wrong it can be traced back. > [...] > >> All this said, the truth with open source projects probably is as long as >> it works well enough noone volunteers to help. >> >> This is true. You can consider this me volunteering to help if you need it >> somewhere. > > ok, this is good to know > > thx good luck Derek. I know you can do it. > > [...] > > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Avoid a single point of failure, be that a person or equipment. > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".