On Wed, Oct 28, 2015 at 4:48 PM, Michael Scherer <[email protected]> wrote: > Le mercredi 28 octobre 2015 à 16:24 +0530, Kaushal M a écrit : >> On Wed, Oct 28, 2015 at 4:01 PM, Michael Scherer <[email protected]> wrote: >> > Le mercredi 28 octobre 2015 à 15:57 +0530, Kaushal M a écrit : >> >> Authentication failure is causing the replication plugin pushes to fail. >> >> >> >> The gerrit ssh key was attached to Avati's account IIRC. Maybe he's >> >> removed the key by mistake. >> > >> > Nope. >> > The key was removed due to the compromise Amye posted about on >> > gluster-users. You can ask her details, cause she will likely be much >> > more polite than me to explain the whole topic :) >> >> An ssh key pair is still present on review.gluster.org though. > > So maybe not the same key. Which one is it ? > >> > >> >> It'll be good if we add keys to an org instead of individual user's >> >> account. But as we can't do that, what do people feel about creating >> >> a `glusterbot` or `glusterant` account controlled by the community? >> > >> > I am ok with the idea but: >> > - it need to be a account using a email the project can recover, not a >> > personal one >> >> I think we can setup an email alias or a mailing list on the gluster >> mail infra, which includes the admins of the Gluster org in Github. > > I am fine with the idea. But now, that mean we will have a official > group of people, and I rather not have a group "admin of github and adin > of gerrit and admin of rackspace and admin of the infra". > > So if we go this way, I will likely start to remove people access and > centralize all in a ldap. (sync between github/rackspace and that list > is a open problem). >
Michael, can we get this done now? Or do we need to wait for the community ldap to be setup? We don't want to keep pushing to Github manually. >> > - what about using 2FA for that account ? >> >> Don't know how we could do this though. Maybe the first person >> enabling 2FA could save the text code for the generator, and share it >> with everyone, but doing is probably bad. > > Yeah, that's not how it is supposed to work :) > > I guess that again, using a proprietary services restrict our security > options, because they target smaller community. > > -- > Michael Scherer > Sysadmin, Community Infrastructure and Platform, OSAS > > _______________________________________________ Gluster-infra mailing list [email protected] http://www.gluster.org/mailman/listinfo/gluster-infra
