:: Re: [devuan-dev] (no subject)
Author: Daniel Reurich
Date:
To: devuan developers internal list
Subject: Re: [devuan-dev] (no subject)
On 11/07/17 19:50, Ivan J. wrote:
> On Tue, 11 Jul 2017, Daniel Reurich wrote:
>
>> On 11/07/17 19:36, KatolaZ wrote:
>>> On Tue, Jul 11, 2017 at 07:26:54PM +1200, Daniel Reurich wrote:
>>>> Hi Jaromil,
>>>>
>>>> I offered to do rsync push from amprolla but had no response. I think
>>>> that we should avoid rsync pulls from the main mirror. If he must pull
>>>> then we must set up an intermediary to pull from.
>>>>
>>>> Besides there is also a need to provide proper information about setting
>>>> up the mirror properly with all the necessary redirects.
>>>
>>> grok has offered his help in testing the rewrites for apache. This is
>>> a good opportunity to let people participate and help. Once set up the
>>> first time, the same conf can be repeated endlessly...
>>>
>>> I think we must help people help us. We can't manage and control
>>> everything. Devuan is growing up, and we need to do follow :)
>>
>> Sure, no problems, but the risks of pushing rsync are far lower for us
>> than pulling rsync. In fact I think we should move the primary mirror
>> to another host thus separating it from the amprolla process which would
>> be a big security improvement.
>>
>> KatolaZ, shall we spin a vm on nemesis for this... oh wait ... jaromil
>> relinquished our 16 IP addresses...
>
> Why can't you do NAT or some iptables magic for this "testing" process?


It should be a public webserver, and that requires setting up routing
etc. That becomes painful to set up and administer in the long term.
>
> Also, what is the "big security improvement" coming with separation of
> the amprolla process from the primary mirror? I would like to know.


Protection of the signing keys - the amprolla server can be kept secure
behind a firewall and just rsync push the repos.
>
>>>> Happy to work on this with you, but please stop with these unilateral
>>>> actions. It's not a nice approach and is likely to just create problems
>>>> and fray tensions.
>>>>
>>>
>>> There is no need to fray tensions, but there is a pushing need to keep
>>> things moving guys...
>>>
>> Sure, but discussion rather than unilateral actions, especially when
>> those actions are taken by people that aren't deeply involved in those
>> parts of the project and thus risk breaking things.
>
> Instead of you being the only one and not taking the time to help/teach?
>

I have been as best as I can, but my time is limited and the time zone
thing is such a pain... and it's not like you're always around. Let's set
some times to get this done.

Anyway I don't have any control over nextime's firewall to allow ssh in
to the server for packages.devuan.org either so no idea what ports are
open for it. So it's just easier to rsync push to another server and
improve the security and spread the load.

D

--
Daniel Reurich
Centurion Computer Technology (2005) Ltd.
021 797 722