On 13/09/12 05:32 AM, Borislav Petkov wrote: > My memory is hazy on this, but after the move, what's the policy on > enabling users.kernel.org or userweb.kernel org or some other user web > serving thing? I vaguely remember that we don't want to do this anymore > but I'm not sure.
Well, as such system would be the largest security risk, it's understandable that we're, err... reticent to have it up anywhere near the rest of the infrastructure. :) We do have ssh enabled on two systems that require git and release management, but anyone ssh'ing in never gets a real shell and is severely locked down with SELinux. > In any case, if we do, it would probably be better to have a whole > different machine for such stuff and let users upload their stuff again > without touching the old backups at all... A better question is -- what is the problem we are trying to solve? We are not in the business of providing free web hosting -- our aim is to facilitate kernel development. We already provide a mechanism for git trees and release tarballs. What is lacking is a simple way to publish documentation -- it can be currently done with kup, but it's poorly suited for uploading and managing many small files. We already have a skeleton implementation of pulling such docs from git trees (e.g. git docs are published that way). It's on my list of things to extend this to a more universal and versatile system that would make it easy for anyone to publish arbitrary documentation via their git access -- perhaps on a subdomain like docs.kernel.org/treename/[etc]. We can even require the use of "git tag -s" -- this will give us both adequate security and history of changes. I think this would be a better approach than allowing unfettered ssh access and upload of arbitrary files. Regards, -- Konstantin Ryabitsev Systems Administrator Linux Foundation, kernel.org Montréal, Québec
signature.asc
Description: OpenPGP digital signature
