[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] End of an Era: shell access.

On 8/27/19 13:27, Denis Roy wrote:

I think we're one of the last shops on earth that has SSH shell access right into our mission-critical infra. Even before 2009 this practice was pure insanity from a data/systems security perspective but it was maintained as there were not many options.


While I am all in favor of the restricted shell efforts I think one perspective has not been well documented. Do the "official webmasters" have full shell access? (the answer I assume is: "yes, of course"). So from another perspective, those people that say they really need shell access are probably doing some level of "webmaster work". That is at least part of the reason a lot of this got started back when there was too much work for one webmaster to do and volunteers were needed from the community. So, perhaps part of the solution to the problem of shell access is for the "official webmasters" to take over the work that Markus and Ed (and others) are doing. Or, perhaps distinguish the use-cases some so that some very few people are declared as "honorary webmasters" -- complete with training and "security certification" or whatever you do for the "official webmasters" to ensure a secure system.

I just had not seen the problem framed from this perspective and wanted to do that before the topic closed completely.

Thanks for reading,

P.S. I am certainly NOT one of those honorary webmasters (any longer :) so it does not really matter to me what you do -- just giving unsolicited advice. :/