From Fedora Project Wiki

< FWN‎ | Beats

 
(28 intermediate revisions by 3 users not shown)
Line 6: Line 6:
http://fedoraproject.org/wiki/Infrastructure
http://fedoraproject.org/wiki/Infrastructure


Contributing Writer:  HuzaifaSidhpurwala
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]


=== Intrusion update ===
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref>


Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.


=== func logrotate fix ===
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.


[[MikeMcGrath|Mike McGrath]] wrote on the @fedora-infrastructure-list [1] that he would like to implement a global fix to logrotate in which /etc/init.d/funcd condrestart would be replaced by
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication.
/etc/init.d/funcd condrestart > /dev/null. The reason for the fix is because the original config is generating spam. However [[JonStanley| Jon Stanley] opposed this [2]. He said that it violates the concept of a change freeze. However at the end the change was implemented.
It was a two factor authentication and therefore was more secure than passphrase or ssh keys.


[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-September/msg00219.html
<references/>
 
[2] https://www.redhat.com/archives/fedora-infrastructure-list/2008-September/msg00224.html
 
=== metalinks for F10 download pages ===
 
[[MattDomsch|Matt Domsch]] wrote on the @fedora-infrastructure-list [3] that mirrors.fp.o now supports metalinks [1].  metalinks are XML documents that act like a yum mirrorlist, but with more detail, allowing client download tools to more easily select a mirror that will be fastest for
them.
 
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-October/msg00010.html
 
Jeffrey Ollie asked if these links were supposed to work on firefox, atleast for testing [4] on which Jesse replied that there was some work done on Mirror Manager yesterday and they should be working.
 
[4] https://www.redhat.com/archives/fedora-infrastructure-list/2008-October/msg00014.html
 
=== smtp-server? ===
 
Thomas Spura wrote on @fedora-infrastructure-list [5] and asked Why isn't it possible to configure an smtp-server to send username fedoraproject org mails? To this Mike replied that in
In your mail client you should be able to set a @fedoraproject.org address.  Lots of other providers support this as well (like gmail for example) [6]
 
[5] https://www.redhat.com/archives/fedora-infrastructure-list/2008-October/msg00013.html
 
[6] https://www.redhat.com/archives/fedora-infrastructure-list/2008-October/msg00016.html

Latest revision as of 04:36, 6 April 2009

Infrastructure

This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Intrusion update

Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]

Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.

There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.

DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.