christian.hartmann posted <[EMAIL PROTECTED]>, excerpted below,  on Wed, 29
Jun 2005 09:54:35 +0200:

> Lance Albertson:
>> > I'm just getting antsy about all these new people we're bringing on
>> > and the security behind it. That's my main concern at this point, not
>> > whether your work is more or less than a regular developer.
> 
> Andrea Barisani:
>> Seriously security_wise and admin_wise I don't see shell access useful
>> neither appropriate imho.
>> Btw how many forums moderators are we talking about?
> 
> I know what you're talking about. I usually don't like to give ppl shell
> access to boxes I'm in charge of. I'm kinda paranoid on this one. ;) But
> it's just about 10 more accounts. Knowing that toucan and all the other
> infrastructure servers are pretty locked down and knowing that most of us
> are really aware of security (keeping your ssh-keys in a secure place; use
> strong passwords; lock down boxes; don't run weird scripts on servers,
> etc.) I don't see a problem here. We are very careful about whom to give
> the permissions to moderate the forum. Before granting them access to
> moderate (as in moving, deleting, editing etc) the forum we have a close
> look at the ppl so that we can make sure they don't do something nasty
> with their permissions.

I don't blame anyone for being antsy about a whole group getting new
access at one point, I'd be antsy too.  However, keep in mind that these
/are/ /global/ moderators we are talking about, that have demonstrated
their worth to Gentoo over multiple forums over a long enough time to have
already been made /global/ mods.  CVS access is an entirely different
story, of course, but for general shell access -- it should be pretty
clear by now what their intentions are on Gentoo, and given their position
in /very/ public view as Gentoo global mods, IMO they could do /far/ more
damage to Gentoo in a few minutes or hours on the forums than they could
with a single shell account on a single machine (assuming proper internal
firewalling between that box and others, and proper administrative
supervision of a box with that many folks having shell accounts on it) in
any case.

Not only do we trust them with the highly publicly visible position of
global mods, but now we are making them staff.  If there's any reasonable
doubt security-wise, there's something wrong with the whole situation we
find ourselves in in the first place.

Also, as someone else pointed out in the earlier thread, in a year, when
they get full Foundation voting rights, they'll need shell accounts
anyway, to be able to properly vote, unless of course some other
arrangements are to be made by then.  That does give us a year to work
with on activating the accounts, true, but they've got to be activated
sooner or later, and if we're already trusting them to the degree we are
in the global mod position and now as staff, it might as well be now.

All that said, the more people with accounts on a box, the lower the "mean
time before failure", just in general terms, even if each individual is
100% trusted.  That's just the way things work.  So, yeah, ten new in what
amounts to one shot... it SHOULD be giving people a bit of the shivers. 
If it's not, those folks must either not be concerned about security, or
they've lost their edge.

All IMO of course.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman in
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html


-- 
gentoo-dev@gentoo.org mailing list