[Gluster-infra] glusterfs github is out of sync.

Michael Scherer mscherer at redhat.com
Wed Oct 28 11:18:10 UTC 2015 

Le mercredi 28 octobre 2015 à 16:24 +0530, Kaushal M a écrit :
> On Wed, Oct 28, 2015 at 4:01 PM, Michael Scherer <mscherer at redhat.com> wrote:
> > Le mercredi 28 octobre 2015 à 15:57 +0530, Kaushal M a écrit :
> >> Authentication failure is causing the replication plugin pushes to fail.
> >>
> >> The gerrit ssh key was attached to Avati's account IIRC. Maybe he's
> >> removed the key by mistake.
> >
> > Nope.
> > The key was removed due to the compromise Amye posted about on
> > gluster-users. You can ask her details, cause she will likely be much
> > more polite than me to explain the whole topic :)
> 
> An ssh key pair is still present on review.gluster.org though.

So maybe not the same key. Which one is it ?

> >
> >> It'll be good if we add keys to an org instead of individual user's
> >> account.  But as we can't do that, what do people feel about creating
> >> a `glusterbot` or `glusterant` account controlled by the community?
> >
> > I am ok with the idea but:
> > - it need to be a account using a email the project can recover, not a
> > personal one
> 
> I think we can setup an email alias or a mailing list on the gluster
> mail infra, which includes the admins of the Gluster org in Github.

I am fine with the idea. But now, that mean we will have a official
group of people, and I rather not have a group "admin of github and adin
of gerrit and admin of rackspace and admin of the infra". 

So if we go this way, I will likely start to remove people access and
centralize all in a ldap. (sync between github/rackspace and that list
is a open problem).

> > - what about using 2FA for that account ?
> 
> Don't know how we could do this though. Maybe the first person
> enabling 2FA could save the text code for the generator, and share it
> with everyone, but doing is probably bad.

Yeah, that's not how it is supposed to work :)

I guess that again, using a proprietary services restrict our security
options, because they target smaller community.

-- 
Michael Scherer
Sysadmin, Community Infrastructure and Platform, OSAS


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.gluster.org/pipermail/gluster-infra/attachments/20151028/5cadadef/attachment.sig>

More information about the Gluster-infra mailing list