Re: DM vs DD and security

2007-03-20 Thread Robert Collins
On Mon, 2007-03-19 at 05:41 -0400, Kevin Mark wrote:
> And if it's large, then could this be reduced in some way by having the
> more common tasks be replaced by a web frontend with password access
> and leave fewer tasks that require ssh access.


Because ssh is /less/ secure than ssl?

-Rob
-- 
GPG key available at: http://www.robertcollins.net/keys.txt.




Re: DM vs DD and security

2007-03-20 Thread Peter Makholm
Robert Collins [EMAIL PROTECTED] writes:

> On Mon, 2007-03-19 at 05:41 -0400, Kevin Mark wrote:
> > And if it's large, then could this be reduced in some way by having the
> > more common tasks be replaced by a web frontend with password access
> > and leave fewer tasks that require ssh access.
>
> Because ssh is /less/ secure than ssl?

Yes, because a well written web frontend for a specific task is more
secure than a general purpose shell account.

//Makholm


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: DM vs DD and security

2007-03-20 Thread Kevin Mark
On Tue, Mar 20, 2007 at 06:02:27PM +1100, Robert Collins wrote:
> On Mon, 2007-03-19 at 05:41 -0400, Kevin Mark wrote:
> > And if it's large, then could this be reduced in some way by having the
> > more common tasks be replaced by a web frontend with password access
> > and leave fewer tasks that require ssh access.
>
> Because ssh is /less/ secure than ssl?

While I do not claim to be a security expert, I was trying to address a
few points: the need for ssh access which is a current privilege for
DDs. I assume that physical access is not a big problem for Debian
infrastructure and that external attacks are being guarded against. This
leaves local access. If local access is reduced to those who need it (by
my idea DM's would not normally need this) and common tasks can be made
'more secure' by making them done through a web interface (w/ ssl), this
would eliminate possible human error (rm -rf or similar) and increase
security by limiting access to DDs. 

But I have yet to receive any guess as to the amount of local ssh access
that is used by DDs. If 99% of DDs need ssh access that requires a
random set of commands, then this will not work. But if only 10% of DDs
need ssh access, then it would be beneficial and would advance the idea
of having DC/DMs not needing ssh access and inclusion in the keyring and
a local user account created by DAM? (the last step in NM?) and allowing
a separation based upon need, security, skill and responsibility.

-- 
|  .''`.  == Debian GNU/Linux == |   my web site:   |
| : :' :  The  Universal |mysite.verizon.net/kevin.mark/|
| `. `'  Operating System| go to counter.li.org and |
|   `-http://www.debian.org/ |be counted! #238656   |
|  my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian!  |





Re: DM vs DD and security

2007-03-20 Thread Margarita Manterola

On 3/19/07, Loïc Minier [EMAIL PROTECTED] wrote:

> On Mon, Mar 19, 2007, Margarita Manterola wrote:
> > The only other service I've used from Debian machines is madison,
> > which could be replaced by a front-end, yes.
> I think rmadison is a public alternative.


It is, but it doesn't include the same info.  The times I've used
madison from inside a Debian machine have been because I needed the
extra data.

--
Besos,
Marga



DM vs DD and security

2007-03-19 Thread Kevin Mark
Hi,
I was mulling over a 3-tiered Debian contributor system:
Debian contributor (non-software contributor)
Debian maintainer (software contributor with limited upload rights)
Debian developer (software contributor with full upload rights)
where a DC and DM would not have access to debian.org machines.

I think the idea of limiting access to debian.org machines to DDs would
be more secure than having all DC's and DM's have access. At least that
is what I surmise. 

Then I wondered what percentage of DDs require access to debian.org
machines? 

Could anyone find out this or if not, a guesstimate would be ok.

And if it's large, then could this be reduced in some way by having the
more common tasks be replaced by a web frontend with password access and
leave fewer tasks that require ssh access.

-- 
|  .''`.  == Debian GNU/Linux == |   my web site:   |
| : :' :  The  Universal |mysite.verizon.net/kevin.mark/|
| `. `'  Operating System| go to counter.li.org and |
|   `-http://www.debian.org/ |be counted! #238656   |
|  my keyserver: subkeys.pgp.net | my NPO: cfsg.org |
|join the new debian-community.org to help Debian!  |




Re: DM vs DD and security

2007-03-19 Thread Margarita Manterola

On 3/19/07, Kevin Mark [EMAIL PROTECTED] wrote:

> Then I wondered what percentage of DDs require access to debian.org
> machines?


I, for myself, have used debian machines mainly for doing NMUs of bugs
in architectures which I normally wouldn't have access to.

This kind of use is difficult to anticipate, you don't know you'll
need it until you find a bug that you want to fix in that arch.

Also, the delayed queue is currently implemented as an scp to gluck,
so access to gluck is needed for that.


> And if it's large, then could this be reduced in some way by having the
> more common tasks be replaced by a web frontend with password access and
> leave fewer tasks that require ssh access.


The only other service I've used from Debian machines is madison,
which could be replaced by a front-end, yes.

--
Besos,
Marga





Re: DM vs DD and security

2007-03-19 Thread Loïc Minier
On Mon, Mar 19, 2007, Margarita Manterola wrote:
> The only other service I've used from Debian machines is madison,
> which could be replaced by a front-end, yes.

 I think rmadison is a public alternative.

-- 
Loïc Minier





Re: DM vs DD and security

2007-03-19 Thread Mark Brown
On Mon, Mar 19, 2007 at 05:41:32AM -0400, Kevin Mark wrote:

> I was mulling over a 3-tiered Debian contributor system:
> Debian contributor (non-software contributor)
> Debian maintainer (software contributor with limited upload rights)
> Debian developer (software contributor with full upload rights)

You might want to have a look at the thread Developers vs Uploaders on
debian-project.  Discussions about project organisation such as this are
more appropriate for that list.

-- 
You grabbed my hand and we fell into it, like a daydream - or a fever.




Re: DM vs DD and security

2007-03-19 Thread Gunnar Wolf
Kevin Mark dijo [Mon, Mar 19, 2007 at 05:41:32AM -0400]:
> Hi,
> I was mulling over a 3-tiered Debian contributor system:
> Debian contributor (non-software contributor)
> Debian maintainer (software contributor with limited upload rights)
> Debian developer (software contributor with full upload rights)
> where a DC and DM would not have access to debian.org machines.

Umh... I don't like that much viewing this as three tiers, three
consecutive stages you progress on as if you were progressing towards
nirvana :) And, besides, you left out the voting rights part, which
is quite important as well.

> I think the idea of limiting access to debian.org machines to DDs would
> be more secure than having all DC's and DM's have access. At least that
> is what I surmise.
>
> Then I wondered what percentage of DDs require access to debian.org
> machines?

Umh... Looking at Marga's answer, and thinking a bit on this, maybe
the answer leads somewhere else... As she points out, we all might
need access to a @debian.org machine every now and then, to get to
some information, to update our people.debian.org information, or
whatever - Now, what about this probably over-simplified workflow?

1- Nobody has access to @d.o machines by default
2- There is a subset of @d.o machines which accept DD login
   2.1- There might even be a sub-subset which accept DM or DC
        login. Worth considering :)
3- If a DD needs access to a specific machine, (he|she|it) sends a
   GPG-signed machine-readable message requesting access to the
   specific needed machine
4- After a given time, access will be automatically revoked
   4.1- If somebody often requires access to a machine or set of
        machines, (he|she|it) can request for permanently enabled
        access

I think this would fit most of us quite nicely, and strongly help
prevent breakins like the ones we have suffered. What do you say?

Greetings,

-- 
Gunnar Wolf - [EMAIL PROTECTED] - (+52-55)5623-0154 / 1451-2244
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF
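
The workflow outlined in the message above (default deny, per-host roles, signed requests, automatic expiry), sketched as an added example that is not part of the original thread. It assumes the signature has already been verified with GnuPG and that the signer's fingerprint is passed in separately; the `Host`/`Days` request format, host names, fingerprints, keys and the 14-day cap are constructed, and step 4.1 (permanent access) is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed sample data; host names, fingerprints and keys are placeholders.
HOST_ROLES = {"porterbox.example.org": {"DD"},        # step 2
              "people.example.org": {"DD", "DM"}}     # step 2.1
KEYRING = {"FPR-ALICE": ("alice", "DD", "ssh-ed25519 AAAA-constructed-alice"),
           "FPR-BOB": ("bob", "DM", "ssh-ed25519 AAAA-constructed-bob")}
MAX_DAYS = 14  # assumed ceiling on a single grant

@dataclass(frozen=True)
class Grant:
    login: str
    host: str
    pubkey: str
    expires: datetime

def parse_request(body: str) -> dict:
    """Parse the 'Key: value' body of a request (step 3), rejecting surprises."""
    fields = {}
    for line in body.strip().splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if not sep or key not in {"Host", "Days"} or key in fields:
            raise ValueError(f"malformed request line: {line!r}")
        fields[key] = value.strip()
    days = fields.get("Days", "")
    if set(fields) != {"Host", "Days"} or not (days.isascii() and days.isdigit()):
        raise ValueError("request needs exactly Host and a numeric Days")
    return fields

def decide(signer_fpr: str, body: str, now: datetime) -> Grant:
    """Identity comes from the verified signature fingerprint, never the body."""
    if signer_fpr not in KEYRING:
        raise PermissionError("signer not in keyring")
    login, role, pubkey = KEYRING[signer_fpr]
    req = parse_request(body)
    if role not in HOST_ROLES.get(req["Host"], set()):  # step 1: default deny
        raise PermissionError(f"{role} may not log in to {req['Host']}")
    days = min(int(req["Days"]), MAX_DAYS)
    return Grant(login, req["Host"], pubkey, now + timedelta(days=days))

def authorized_keys(grants, host: str, now: datetime) -> list:
    """Render only unexpired grants for a host (step 4: automatic revocation).

    expiry-time is an OpenSSH authorized_keys option; sshd reads it in the
    host's local time zone, so this sketch assumes the hosts run on UTC.
    """
    return [(g.login, f'expiry-time="{g.expires:%Y%m%d%H%M}" {g.pubkey}')
            for g in grants if g.host == host and g.expires > now]
```

Regenerating the key files from the grant list on a schedule drops expired entries even on hosts whose sshd predates the `expiry-time` option.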

