Shawn Walker wrote, On 06/18/08 18:56:
> 2008/6/18 Detlef [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>> 1. It should be possible to limit the access to a pkg.depotd on a
>> IP-Adress base. So people can limit who will use their repository. Or
>> should ipfilter be used here ? Who has an example that could used ?
>> (Ok having all open is the standard ;-)
>
> It is my belief that ip-based mechanisms should be enforced by
> existing infrastructure, and not by the depot server itself.
Hmm yes, I agree.
> Since the most common configuration for a depot server will be reverse
> proxied behind an Apache server, you can also use Apache's mechanisms
> for ip-based enforcement in addition to firewalls and the like.
Yes, to use the proxy mechanism is a good fit here. And maybe for small
installs (lets say on a single dev-system in a larger environment to
save people from using my repo server "by accident") just an ipfilter
rule might be good enough.
> I know that the new depot server code is capable of disabling or
> enabling logging completely, however, I will have to check and see if
> it supports logging based on the severity of the message.
>
> My preference would be to let you specify which severities you want
> logged, "none", "all", "errors", "warnings", etc.
Ahh good, that's better so the user can choose which log he want like
and specify separately:
error
warning (have'nt seen this yet on the pkg.depotd, but ...)
access
and be able to specify for each one a filename or none.
But do'nt let it like now, because if one enables this with the
smf-service, the log-file for smf will become giant after a while if one
uses this and forgets the log-output.
Detlef
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
