From Fedora Project Wiki

< FWN‎ | Beats

 
(42 intermediate revisions by 3 users not shown)
Line 6: Line 6:
http://fedoraproject.org/wiki/Infrastructure
http://fedoraproject.org/wiki/Infrastructure


Contributing Writer:  HuzaifaSidhpurwala
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]


=== Some noteworthy praise ===
=== Intrusion update ===
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref>


Paul W. Frields writes for fedora-infrastructure-list [1]
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.


Paul forwarded a mail [2] send by Tim Burke, who is the Director of Linux Development inside Red Hat, praising the efforts of fedorans who rose to the occasion to bring things back on track after the recent incidents in Fedora infrastructure.
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.


[1] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00149.html
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication.
It was a two factor authentication and therefore was more secure than passphrase or ssh keys.
[2] https://www.redhat.com/archives/fedora-devel-list/2008-August/msg01023.html


=== Maintaining a partial cvs workarea ===
<references/>
 
Axel Thimm writes for fedora-infrastructure-list [3]
 
Axel described how he was keeping a partial check-out of packages, ie the ones which he was maintaining. Now he would like to be able to cvs up and have all updates flow in, but if he does do so cvs will want to get all other thousand packages in. He is currently using a for loop with pushd/popd, but this process is extremely slow. Axel asked if there was a better way of doing this?
 
[3] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00156.html
 
=== rawhide, /mnt/koji and /pub/fedora ===
 
Jesse Keating writes for fedora-infrastructure-list [4]
 
Jesse created a user "masher" to have the ability to write to /mnt/koji/mash/ but not any of the other koji space.  This is useful to prevent too much damage from a horribly wrong
rawhide compose.  To make things easier in the rawhide compose configs, they decided to run the cron/scripts as the masher user.  This is also good because it means things run unprivileged.  However he ran into a snag.  They have another user, 'ftpsync' that has write access to /pub/fedora/.  Previously the rawhide script was ran as root, and thus it was no problem to su ftpsync for the rsync calls.  The masher user does not possess the capability of doing this.
 
 
[4] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00174.html
 
=== New Key Repo Locations ===
 
Warren Togami writes for fedora-infrastructure-list [5]
 
Warren proposed the latest draft of New Key repo locations. Jesse Keating points out that the deep levels are necessary because mirrors exclude releases by directory name like "9/"
 
[5] https://www.redhat.com/archives/fedora-infrastructure-list/2008-August/msg00198.html

Latest revision as of 04:36, 6 April 2009

Infrastructure

This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Intrusion update

Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]

Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.

There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.

DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.