1> do we have a processes for issuing Admin rights to new admin's? 2> If no, then How do other companies bring on new admins? 3> Who are our current admins? 4> What rights do they have for what services/virtual spaces.
On Mon, Mar 17, 2014 at 11:00 PM, Omar Rassi <[email protected]> wrote: > As a sysadmin myself, I'd have to agree with the extra scrutiny for > digital assets. I don't see it as a personal attack on anyone that > regarding this scrutiny, we've spent the past three years fine tuning this > virtual space to what it is now. Our virtual space is not like our physical > space at all, you can't walk in to 48 South Summit and accidentally burn > the whole building down with a typo or wrong command with ease, but that is > MUCH easier to do on our virtual space. > > I've been involved with Synhak since Torrie's garage and in all this time, > I have decided not to get involved with the AWS instances for this reason > since I typo alot, instead I applied my talents elsewhere. Although, it > would be nice if anyone who wanted to try their hand at improving our AWS > instance or "Virtual Space" had sudo access to a sandbox duplicate, then we > can only commit changes to the live instance that are proven to work while > only providing read only access to the live instance. Keep in mind that the > "Virtual Space" you are talking about does not just contain the website, as > I understand it, Spiff is also on AWS, which handles, among other things, > our membership database. Let's please try to keep admin rights to this on a > "need to know" basis. I feel the term "positive control" (I know I use it > alot) applies well in this scenario. > > > On Mon, Mar 17, 2014 at 7:50 PM, Torrie Fischer > <[email protected]>wrote: > >> On Monday, March 17, 2014 18:22:38 Justin Herman wrote: >> > NOTE: Chris and Torrie were able to decrypt it with their private key's. >> > >> > In order to avoid extra noise and virtual conflict I have opted to >> answer >> > any questions during our meeting. I will be available to answer any >> > questions during that time. This is equivalent in conditions met to >> acquire >> > a Physical Space key. >> >> Noise implies useless information. I'm certain that SYNHAK would find >> someone's reason for wanting access to AWS and all of our servers to be >> useful >> and even important information. >> >> I'm concerned about this "virtual conflict" you perceive. Why would you >> think >> that an open discussion about security would create conflict? >> >> You're also aware that meeting in person during a meeting aren't the >> conditions for getting a key, right? It involves a proposal for Consensus. >> There's also the fact that a physical door key is completely different >> from >> having administrative access to synhak.org. >> >> I will block any proposal to grant you AWS access on the grounds that you >> haven't demonstrated why I should trust you, and that you're currently >> demonstrating some interesting interpretations of protocols. >> >> > >> > On Mon, Mar 17, 2014 at 6:10 PM, Torrie Fischer >> <[email protected]>wrote: >> > > On Monday, March 17, 2014 17:05:56 Justin Herman wrote: >> > > > SOME KIND OF BLOB >> > > >> > > Ok. Right. >> > > >> > > You sent a SSH key signed with a PGP key that I have not verified. The >> > > signed >> > > key was encrypted with my public key, meaning that only I could >> decrypt >> > > it. >> > > >> > > Justin, are you aware that we are also asking you questions and not >> just >> > > asking for an SSH key? I'll copy them again: >> > > >> > > VVVV QUESTIONS VVVV >> > > >> > > 1.) What is your primary purpose for requesting access to AWS? >> > > 2.) What problems with the current website and online infrastructure >> do >> > > you >> > > currently see that require AWS root and sudo access to solve? >> > > 3.) What improvements can you offer to the overall infrastructure? >> > > 4.) Are you familiar with Ansible, the configuration-management >> software >> > > used >> > > to configure, deploy and maintain servers? If not, do you intend to >> learn >> > > about it? >> > > >> > > ^^^^ QUESTIONS ^^^^ >> > > >> > > In case they kept getting lost in the noise of this thread, I've also >> > > trimmed >> > > out the rest of the inline quotes. >> > > >> > > There seems to be a pattern of not answering any questions when >> directly >> > > asked. Would you prefer that I ask them in private instead of on >> discuss@? >> > > I'm >> > > often at the space, so I can handle either e-mail or in person. I >> would >> > > still >> > > need to relay the answers to a public forum such as noc@ to preserve >> > > transparency about our site security and keep everyone else up to date >> > > with >> > > who has unlimited and absolute power over synhak.org. >> > > >> > > If you're not able to make this work, then I can't really give you >> access. >> >> _______________________________________________ >> Discuss mailing list >> [email protected] >> https://synhak.org/mailman/listinfo/discuss >> > > > _______________________________________________ > Discuss mailing list > [email protected] > https://synhak.org/mailman/listinfo/discuss >
_______________________________________________ Discuss mailing list [email protected] https://synhak.org/mailman/listinfo/discuss
