On 09/28/2011 03:32 PM, Kim Moir wrote:
However, at the same
time we need to be able to do our jobs in a
productive fashion so that we can continue to deliver great
software to
the community.
I believe you each time you say this :) If we're doing
anything that cuts into your productivity, please let me know
ASAP.
Denis
From:
Denis Roy
<denis.roy@xxxxxxxxxxx>
To:
cross-project-issues-dev@xxxxxxxxxxx
Date:
09/28/2011 03:08 PM
Subject:
Re:
[cross-project-issues-dev]
Security changes to SSH and shells explained
Sent by:
cross-project-issues-dev-bounces@xxxxxxxxxxx
On 09/28/2011 02:49 PM, Eric Gwin wrote:
What about Use-case 1a; The evil hacker who
hypothetically
stole David's private key operates out of the Bahamas,
Good points.
Clearly, our number one priority as a community must be
preventing David
Williams from vacationing in the Bahamas. That must never
happen.
Seriously, I'm trying to keep this simple. I'm assuming that
before
confirming that the network you're using is trustworthy you've
ensured
that it indeed is (ie, there isn't a microwave dish pointed
directly at
you, no one placed a briefcase with a hole in it over your
keyboard, etc.).
However, I'd be interested to know your thoughts on how we'd
implement
a "temporary trust"... Perhaps, when replying to the email,
you type a keyword in the email body that we parse and use?
On 09/28/2011 03:01 PM, David Carver wrote:
Eliminate the need for Shell access entirely,
otherwise
this is just a bandaid, and if somebody really wants to get into
the servers,
they'll find a way to do it.
Ultimately, eliminating the need for a shell is the goal. Since
many
projects use shell-based builds, we can't just assume that
torquing Hudson
will solve all our problems today.
|
