[Gluster-infra] separating code analysis from download

Thu Nov 5 11:44:08 UTC 2015

[fixed CC to gluster-devel at gluster.org]

On Thu, Nov 05, 2015 at 06:13:52AM -0500, Kaleb KEITHLEY wrote:
> <top post>
> How about devel.gluster.org? Or upload.gluster.org?
> 
> Either one would be reasonable for nightly coverity/clang/etc reports as
> well as community uploads?
> 
> </top post>

devel.gluster.org sounds good to me. We will use it for uploading, but
also downloading, unless the uploads get replicated to
download.gluster.org and we use that as the only public accessible
download system.

The nightly builds used to get uploaded to download.gluster.org too. A
replacement system (+user) for that needs to accept scp from
build.gluster.org and be able to download the built packages from Fedora
COPR (was using an lftp script for that).

Thanks,
Niels

> 
> 
> On 11/05/2015 04:31 AM, Michael Scherer wrote:
> > Hi,
> > 
> > as part of the hardening of the infra (as I do not want to have to deal
> > again with the same type of issue as we dealt with the shell.gluster.com
> > compromise), I would like to keep download.gluster.org restricted as
> > much as possible and used only for "official" download.
> > 
> > And also keep everything in salt, which didn't happen as soon as 2 days
> > after putting the new server in production (which would make me scream
> > if I was not forbidden for medical reason this week), since the static
> > analysis results and a separate user were added without telling. 
> > 
> > So in order to lock down again the server, I propose to change that.
> > 
> > As there is a need to share data as part of development, I would propose
> > 2 things:
> > 
> > - place all automated tests reports (ie, stuff like the coverty reports,
> > etc) on a separate server. This way, a compromise of the automated tests
> > client wouldn't result into suspicion on the download server, and as we
> > do not need backup and redundancy for them, this would simplify the work
> > and requires less ressources.
> > 
> > I would have done that right away if I had a idea of a correct naming
> > for the server. So if someone find a name that has some kind of
> > consensus by the end of the week, I will take it. Otherwise, people will
> > have to live with whatever horrible name I find ( I guess
> > reports.gluster.org might be my choice for now ). Someone will have to
> > fix the docs we have somewhere, if we have.
> > 
> > - place all user produced data in a separate people.gluster.org
> > webserver. This would permit to give back some freedom to share stuff to
> > the community, but this one would requires that I finish to setup
> > freeipa first, and that we decide who has access, or under what
> > condition. 
> > 
> > If no one protest or comment by end of the 11th of november, I will
> > consider as full acceptance for whatever I will do.
> > 
> > 
> > 
> > _______________________________________________
> > Gluster-infra mailing list
> > Gluster-infra at gluster.org
> > http://www.gluster.org/mailman/listinfo/gluster-infra
> > 
> 
> _______________________________________________
> Gluster-infra mailing list
> Gluster-infra at gluster.org
> http://www.gluster.org/mailman/listinfo/gluster-infra
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20151105/53631e8a/attachment.sig>