From: Konstantin Ryabitsev <mricon@kernel.org>
To: Borislav Petkov <bp@alien8.de>, Leonard Tse <xiehao5@gmail.com>,
ftpadmin@kernel.org, linux-kernel@vger.kernel.org,
greg@kroah.com, leoli@freescale.com, triplex@zh-kernel.org,
tshibata@ab.jp.nec.com, k-keiichi@bx.jp.nec.com,
minchan.kim@gmail.com
Subject: Re: [PATCH]URL is unavailable
Date: Thu, 13 Sep 2012 09:35:43 -0400 [thread overview]
Message-ID: <5051E12F.80001@kernel.org> (raw)
In-Reply-To: <20120913093241.GA15810@liondog.tnic>
[-- Attachment #1: Type: text/plain, Size: 1933 bytes --]
On 13/09/12 05:32 AM, Borislav Petkov wrote:
> My memory is hazy on this, but after the move, what's the policy on
> enabling users.kernel.org or userweb.kernel org or some other user web
> serving thing? I vaguely remember that we don't want to do this anymore
> but I'm not sure.
Well, as such system would be the largest security risk, it's
understandable that we're, err... reticent to have it up anywhere near
the rest of the infrastructure. :) We do have ssh enabled on two systems
that require git and release management, but anyone ssh'ing in never
gets a real shell and is severely locked down with SELinux.
> In any case, if we do, it would probably be better to have a whole
> different machine for such stuff and let users upload their stuff again
> without touching the old backups at all...
A better question is -- what is the problem we are trying to solve? We
are not in the business of providing free web hosting -- our aim is to
facilitate kernel development. We already provide a mechanism for git
trees and release tarballs. What is lacking is a simple way to publish
documentation -- it can be currently done with kup, but it's poorly
suited for uploading and managing many small files.
We already have a skeleton implementation of pulling such docs from git
trees (e.g. git docs are published that way). It's on my list of things
to extend this to a more universal and versatile system that would make
it easy for anyone to publish arbitrary documentation via their git
access -- perhaps on a subdomain like docs.kernel.org/treename/[etc]. We
can even require the use of "git tag -s" -- this will give us both
adequate security and history of changes.
I think this would be a better approach than allowing unfettered ssh
access and upload of arbitrary files.
Regards,
--
Konstantin Ryabitsev
Systems Administrator
Linux Foundation, kernel.org
Montréal, Québec
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 726 bytes --]
next prev parent reply other threads:[~2012-09-13 13:35 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-09-12 15:51 [PATCH]URL is unavailable Leonard Tse
2012-09-12 16:03 ` Borislav Petkov
2012-09-12 22:35 ` Leonard Tse
2012-09-13 1:13 ` Konstantin Ryabitsev
2012-09-13 9:32 ` Borislav Petkov
2012-09-13 13:35 ` Konstantin Ryabitsev [this message]
2012-09-13 13:55 ` Borislav Petkov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5051E12F.80001@kernel.org \
--to=mricon@kernel.org \
--cc=bp@alien8.de \
--cc=ftpadmin@kernel.org \
--cc=greg@kroah.com \
--cc=k-keiichi@bx.jp.nec.com \
--cc=leoli@freescale.com \
--cc=linux-kernel@vger.kernel.org \
--cc=minchan.kim@gmail.com \
--cc=triplex@zh-kernel.org \
--cc=tshibata@ab.jp.nec.com \
--cc=xiehao5@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).