Sigh, yes I did, but it was to allow Dion to take ownership of them, now I see he has not.

But, I'm not wholly convinced having what I was suggesting about groups taking ownership of their files is now tractable.

But I'm slowly becoming convinced that this cannot be maintained based on the current unix groups and historical policies behind the dist directory. The unix groups are not fine-grained enough to support adequate restriction at that project level. Further restriction, for instance "jakarta-commons" or "jakarta-tomcat" is required the group "jakarta" can't adequately protect project level ownership/modification of these files. In the opposite direction, individual ownership without group write capabilities blocks individuals from "removing" releases when it is time for them to be excised.

I just do not have the proper permissions to process all these files and set them to be owned by the appropriate groups. This is why I started to suggest that svn may be a more appropriate location for the java-repository, because at least then we can have much greater control of these characteristics as well as historical logging of changes if any do occur.


Henk P. Penning wrote:
On Tue, 5 Oct 2004, Mark R. Diggory wrote:

Date: Tue, 05 Oct 2004 13:04:40 -0400
From: Mark R. Diggory <[EMAIL PROTECTED]>
To: Henk P. Penning <[EMAIL PROTECTED]>
Subject: Re: md5's

I just wanted to verify if this was corrected, I saw the jelly files
that were not matching yesterday, I went back today to look into fixing
these and I believe that Dion made some corrections? Or was it someone else?

  Not getting a reaction, I waved the problems through, this morning.
  I mean, the 'problem' was that the files changed, together with the
  md'5 (The checker notices, because it remembers the original md5's).
  In my database, I set the 'orig md5' to the 'current md5'.

  All I was looking for was a message saying: yes, I changed the files.
  If you didn't change those files, there might be a (security) problem.
  I should have been clearer.

  Note that the changed files are (again) group writable, so,
  some 400 users can change them (everyone in group jakarta).

  Since our last exchange, I've seen the recomandation,
  to set the umask to '002' ;

  This makes files group writable by default.
  It seems to be common apache practice.

  Just curious:

  -- Did you change the files ?
  -- Is your umask 002 ?


  Isn't is time to change this 'umask 002' practice ?
  Even a cronjob like

    find dist -type d -exec chmod g+w {} \;

  is to be preferred, I think.

  As things are now, file ownership means nothing.


  Henk Penning


Henk P. Penning wrote:


 ... and another batch. See


----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/          M [EMAIL PROTECTED]  \_/

---------- Forwarded message ----------
Date: 1 Oct 2004 06:23:18 -0000
From: Cron Daemon <[EMAIL PROTECTED]>
Subject: Cron <[EMAIL PROTECTED]> ( cd /home/henkp/md5         ; /usr/bin/make
   -s cron )

*** md5 changed
hist=d1e3117b90f697e6503e4ddf76bc0402 curr=b171e535366191e437cff6d64df33561
*** md5 changed
hist=94cc61cbdcdfd3b75139d0ce2725138d curr=fe1ae9e40f3fd66031c781e9030b03b9
*** md5 changed
hist=8ce6559775be62cfae8df109b2457a9c curr=5cc2cf3c1937887c1573ef1582fb3591
*** md5 changed
hist=481b3ef3a7787ba232c4e1c43c32fe90 curr=040346a692601e498f4ea246d073f624
*** md5 changed
hist=5e4fdc5465c3219b76aea54d7f2d47f3 curr=5450333754b59865bab146caf84c80df
*** md5 changed
hist=f9d5c4302f9159217456e360217dc8b6 curr=24ea6cfe760c82d0707608fc785bc446
*** md5 changed
hist=a8caadca9a8b82e0739e22742533592f curr=ba37d770969889069ad4fdddaf79209a
*** md5 changed
hist=55b0117e87a2e5b022ba9ed81d4008f8 curr=5bfe394074ecf17f48c9091e34044823
*** md5 changed
hist=b0ef2b0baf9bcbaf86ea9d1591dfd487 curr=908ff22e0ea4a28f31223d90aef63ae9
*** md5 changed
hist=dbef14092f3eb76c5079b09bf64ccf9d curr=7f65c8da0fe603ab2c1f61cc6f64d2aa
*** md5 changed
hist=d7d0ff195f88f65f4751a9d1dbcf1c09 curr=e9a5a13b74dc44157a1435bb925d0bf0
*** md5 changed
hist=911bad282cade77c6d535fdf94258af8 curr=574aa9c4f4540ed19089a53a06d3cc00

-- Mark Diggory Open Source Software Developer Apache Jakarta Project

----------------------------------------------------------------   _
Henk P. Penning, Computer Systems Group       R Uithof CGN-A232  _/ \_
Dept of Computer Science, Utrecht University  T +31 30 253 4106 / \_/ \
Padualaan 14, 3584CH Utrecht, the Netherlands F +31 30 251 3791 \_/ \_/          M [EMAIL PROTECTED]  \_/

-- Mark Diggory Open Source Software Developer Apache Jakarta Project

Reply via email to