Le mercredi 28 octobre 2015 à 16:24 +0530, Kaushal M a écrit : > On Wed, Oct 28, 2015 at 4:01 PM, Michael Scherer <[email protected]> wrote: > > Le mercredi 28 octobre 2015 à 15:57 +0530, Kaushal M a écrit : > >> Authentication failure is causing the replication plugin pushes to fail. > >> > >> The gerrit ssh key was attached to Avati's account IIRC. Maybe he's > >> removed the key by mistake. > > > > Nope. > > The key was removed due to the compromise Amye posted about on > > gluster-users. You can ask her details, cause she will likely be much > > more polite than me to explain the whole topic :) > > An ssh key pair is still present on review.gluster.org though.
So maybe not the same key. Which one is it ? > > > >> It'll be good if we add keys to an org instead of individual user's > >> account. But as we can't do that, what do people feel about creating > >> a `glusterbot` or `glusterant` account controlled by the community? > > > > I am ok with the idea but: > > - it need to be a account using a email the project can recover, not a > > personal one > > I think we can setup an email alias or a mailing list on the gluster > mail infra, which includes the admins of the Gluster org in Github. I am fine with the idea. But now, that mean we will have a official group of people, and I rather not have a group "admin of github and adin of gerrit and admin of rackspace and admin of the infra". So if we go this way, I will likely start to remove people access and centralize all in a ldap. (sync between github/rackspace and that list is a open problem). > > - what about using 2FA for that account ? > > Don't know how we could do this though. Maybe the first person > enabling 2FA could save the text code for the generator, and share it > with everyone, but doing is probably bad. Yeah, that's not how it is supposed to work :) I guess that again, using a proprietary services restrict our security options, because they target smaller community. -- Michael Scherer Sysadmin, Community Infrastructure and Platform, OSAS
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Gluster-infra mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-infra
