Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] Security changes to SSH and shells explained

On 09/28/2011 03:32 PM, Kim Moir wrote:
However, at the same time we need to be able to do our jobs in a productive fashion so that we can continue to deliver great software to the community.  

I believe you each time you say this  :)   If we're doing anything that cuts into your productivity, please let me know ASAP. 



From:        Denis Roy <denis.roy@xxxxxxxxxxx>
To:        cross-project-issues-dev@xxxxxxxxxxx
Date:        09/28/2011 03:08 PM
Subject:        Re: [cross-project-issues-dev] Security changes to SSH and shells explained
Sent by:        cross-project-issues-dev-bounces@xxxxxxxxxxx

On 09/28/2011 02:49 PM, Eric Gwin wrote:
What about Use-case 1a; The evil hacker who hypothetically stole David's private key operates out of the Bahamas,

Good points.

Clearly, our number one priority as a community must be preventing David Williams from vacationing in the Bahamas.  That must never happen.

Seriously, I'm trying to keep this simple.  I'm assuming that before confirming that the network you're using is trustworthy you've ensured that it indeed is (ie, there isn't a microwave dish pointed directly at you, no one placed a briefcase with a hole in it over your keyboard, etc.).

However, I'd be interested to know your thoughts on how we'd implement a "temporary trust"...  Perhaps, when replying to the email, you type a keyword in the email body that we parse and use?

On 09/28/2011 03:01 PM, David Carver wrote:

Eliminate the need for Shell access entirely, otherwise this is just a bandaid, and if somebody really wants to get into the servers, they'll find a way to do it.

Ultimately, eliminating the need for a shell is the goal.  Since many projects use shell-based builds, we can't just assume that torquing Hudson will solve all our problems today.  

Back to the top