[Gluster-infra] separating code analysis from download

Michael Scherer mscherer at redhat.com
Thu Nov 5 09:31:37 UTC 2015 

Hi,

as part of the hardening of the infra (as I do not want to have to deal
again with the same type of issue as we dealt with the shell.gluster.com
compromise), I would like to keep download.gluster.org restricted as
much as possible and used only for "official" download.

And also keep everything in salt, which didn't happen as soon as 2 days
after putting the new server in production (which would make me scream
if I was not forbidden for medical reason this week), since the static
analysis results and a separate user were added without telling. 

So in order to lock down again the server, I propose to change that.

As there is a need to share data as part of development, I would propose
2 things:

- place all automated tests reports (ie, stuff like the coverty reports,
etc) on a separate server. This way, a compromise of the automated tests
client wouldn't result into suspicion on the download server, and as we
do not need backup and redundancy for them, this would simplify the work
and requires less ressources.

I would have done that right away if I had a idea of a correct naming
for the server. So if someone find a name that has some kind of
consensus by the end of the week, I will take it. Otherwise, people will
have to live with whatever horrible name I find ( I guess
reports.gluster.org might be my choice for now ). Someone will have to
fix the docs we have somewhere, if we have.

- place all user produced data in a separate people.gluster.org
webserver. This would permit to give back some freedom to share stuff to
the community, but this one would requires that I finish to setup
freeipa first, and that we decide who has access, or under what
condition. 

If no one protest or comment by end of the 11th of november, I will
consider as full acceptance for whatever I will do.

-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20151105/61edb9c0/attachment.sig>

More information about the Gluster-infra mailing list