[Gluster-infra] glusterfs github is out of sync.

Kaushal M kshlmster at gmail.com
Mon Nov 23 03:48:40 UTC 2015


On Wed, Oct 28, 2015 at 4:48 PM, Michael Scherer <mscherer at redhat.com> wrote:
> Le mercredi 28 octobre 2015 à 16:24 +0530, Kaushal M a écrit :
>> On Wed, Oct 28, 2015 at 4:01 PM, Michael Scherer <mscherer at redhat.com> wrote:
>> > Le mercredi 28 octobre 2015 à 15:57 +0530, Kaushal M a écrit :
>> >> Authentication failure is causing the replication plugin pushes to fail.
>> >>
>> >> The gerrit ssh key was attached to Avati's account IIRC. Maybe he's
>> >> removed the key by mistake.
>> >
>> > Nope.
>> > The key was removed due to the compromise Amye posted about on
>> > gluster-users. You can ask her details, cause she will likely be much
>> > more polite than me to explain the whole topic :)
>>
>> An ssh key pair is still present on review.gluster.org though.
>
> So maybe not the same key. Which one is it ?
>
>> >
>> >> It'll be good if we add keys to an org instead of individual user's
>> >> account.  But as we can't do that, what do people feel about creating
>> >> a `glusterbot` or `glusterant` account controlled by the community?
>> >
>> > I am ok with the idea but:
>> > - it need to be a account using a email the project can recover, not a
>> > personal one
>>
>> I think we can setup an email alias or a mailing list on the gluster
>> mail infra, which includes the admins of the Gluster org in Github.
>
> I am fine with the idea. But now, that mean we will have a official
> group of people, and I rather not have a group "admin of github and adin
> of gerrit and admin of rackspace and admin of the infra".
>
> So if we go this way, I will likely start to remove people access and
> centralize all in a ldap. (sync between github/rackspace and that list
> is a open problem).
>

Michael, can we get this done now? Or do we need to wait for the
community ldap to be setup? We don't want to keep pushing to Github
manually.

>> > - what about using 2FA for that account ?
>>
>> Don't know how we could do this though. Maybe the first person
>> enabling 2FA could save the text code for the generator, and share it
>> with everyone, but doing is probably bad.
>
> Yeah, that's not how it is supposed to work :)
>
> I guess that again, using a proprietary services restrict our security
> options, because they target smaller community.
>
> --
> Michael Scherer
> Sysadmin, Community Infrastructure and Platform, OSAS
>
>


More information about the Gluster-infra mailing list