From Fedora Project Wiki

< FWN‎ | Beats

 
(4 intermediate revisions by 2 users not shown)
Line 8: Line 8:
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]


=== svn-to-git mirroring ===
=== Intrusion update ===
[[JimMeyering|Jim Meyering]] said <ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00155.html</ref> that he would like to set up an svn-to-git mirror for a project on fedorahosted. He set up and maintain <ref>git.et.redhat.com</ref>, it's not open for ssh access to people outside of Red Hat, so it's rather limited.
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref>


<references/>
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.
 
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.


=== Change Requests ===
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication.
Due to the impending release of Fedora 11 beta, the infrastructure team is in a change freeze right now.
It was a two factor authentication and therefore was more secure than passphrase or ssh keys.
The following change requests were made during the week.
1. <ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00139.html</ref> Change a piece of code in fas2 which would reduce a particular loop time from 5 mins to 8 seconds. This change was approved and the hotfix was put on the server.
2. <ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00148.html</ref>Add redirect from /legal/trademarks/guidelines to http://fedoraproject.org/wiki/Legal:Trademark_guidelines. This change was approved.
3. <ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00169.html</ref> Make transifex run under transifex user and not apache user. This change was also approved and committed.
4. <ref>
https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00179.html</ref> Change request to update transifex on app1 to the 0.5 version. The change was approved.
5. <ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00182.html</ref> Remove Fedora8 from the infofeed updates: Somehow fedora8 is still being looked for for the infofeed rss feed on planet.fedoraproject.org. This was approved and changes were made.
6. <ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00187.html</ref>Use single quotes for the mysql backup cronjob,this has been causing us to get extra cron spam (and stalling mysql updates). Again this change was approved and committed.


<reference/>
<references/>

Latest revision as of 04:36, 6 April 2009

Infrastructure

This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Intrusion update

Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]

Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.

There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.

DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.