On Sat, 2005-11-19 at 19:02 -0600, Lance Albertson wrote:

> For now, I don't want to rsync more than every 30 minutes (concerns of
> overloading the main cvs server). Pylon has mentioned that the newer
> version of cvs has better commit hooks that may allow for more of a live
> replication effect, but I don't expect that to happen any time soon. I
> will try and come up with a revised version of GLEP 41 and see if
> hparker and folks will agree with this new solution.
> 
> We will probably still have the blocking script on this server, but will
> be at a much higher level. This is just to prevent folks from abusing
> the service or giving out their access for other people to use. I really
> don't see that happening, but I would prefer to have some kind of
> prevention in place for infra's sake. I'll have to think out details on
> the authentication scheme for access, but I would assume it would be per
> AT and not a shared access account.
> 
> Thoughts?

If any user really wanted to get the access that AT/HTs get, and the
AT/HT were to give it to them, there would be different IP addresses from
the same auth 'simultaneously', i.e. the logs state: IP A, IP B, IP A, IP B.
This would indicate a security violation and revocation of privilege for the
AT/HT. Accomplished via script?
Personally, if I wanted a user to have access to the same tree I had, I
would say A) chill for 12hrs, B) sync to my local mirror, C) post
ebuild.tar for them. I don't believe there is an issue with AT/HTs
disseminating access to users. However, I understand the need to be
prepared in case it happens.

25-55min delay may need to be acceptable.

<brainstorming out loud>
Allow (x) access to the dedicated rsync server, not limited by time.
        - Allow Devs to change this number if they feel it is necessary
                - <5min access when working directly with Dev.
        - number reset every (y) days.
        (this means new infra, so prolly not)

Per AT Access:
        Each AT uploads their ssh_pub to the existing infra - use that
for ?secure? rsync auth.
</>

-- 
Lares Moreau <[EMAIL PROTECTED]>  | LRU: 400755 http://counter.li.org
Gentoo x86 Arch Tester                 |               ::0 Alberta, Canada
Public Key: 0D46BB6E @ subkeys.pgp.net |           Encrypted Mail Prefered
Key fingerprint = 0CA3 E40D F897 7709 3628  C5D4 7D94 483E 0D46 BB6E
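
The log check suggested in the message above (one account alternating between IP A and IP B), sketched as an added example that is not part of the original thread. The log format, account names and 30-minute window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (an assumption; adapt the regex to the real auth log).
LINE_RE = re.compile(r"^(\S+) user=(\S+) ip=(\S+)$")

SAMPLE_LOG = """\
2005-11-19T19:00:05 user=at_alice ip=192.0.2.10
2005-11-19T19:01:10 user=at_bob ip=198.51.100.7
2005-11-19T19:02:30 user=at_alice ip=203.0.113.44
2005-11-19T19:04:00 user=at_alice ip=192.0.2.10
2005-11-19T19:05:45 user=at_alice ip=203.0.113.44
2005-11-19T19:40:00 user=at_bob ip=198.51.100.99
2005-11-19T21:30:00 user=at_carol ip=192.0.2.50
2005-11-19T23:45:00 user=at_carol ip=192.0.2.51
2005-11-20T02:10:00 user=at_carol ip=192.0.2.50
"""

def parse(log_text):
    """Yield (timestamp, account, ip) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def interleaved_accounts(events, window=timedelta(minutes=30)):
    """Return {account: sorted IPs} for accounts showing the A, B, A pattern
    inside `window`. A single move from A to B is not flagged."""
    history = defaultdict(list)   # account -> [(ts, ip)] still inside the window
    flagged = {}
    for ts, account, ip in sorted(events):
        recent = [(t, i) for t, i in history[account] if ts - t <= window]
        # Interleaving: this IP was seen earlier in the window, and a
        # different IP has been seen since that earlier sighting.
        seen_self = False
        for _, old_ip in recent:
            if old_ip == ip:
                seen_self = True
            elif seen_self:
                flagged[account] = sorted({i for _, i in recent} | {ip})
                break
        recent.append((ts, ip))
        history[account] = recent
    return flagged

if __name__ == "__main__":
    for account, ips in interleaved_accounts(parse(SAMPLE_LOG)).items():
        print(f"{account}: interleaved use from {', '.join(ips)}")
```

The window trades false positives against misses: at 30 minutes only at_alice is reported, while a multi-hour window would also report at_carol, whose addresses alternate hours apart.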
