From Fedora Project Wiki

< FWN‎ | Beats

(→‎Change Requests: Awesome! This is a nice list of what happened during the week. Great to know. s/https/http/ where possible pls.)
 
Line 8: Line 8:
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]
Contributing Writer:  [[HuzaifaSidhpurwala|Huzaifa Sidhpurwala]]


=== Mirror svn-to-git ===
=== Intrusion update ===
[[JimMeyering|Jim Meyering]] said <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00155.html</ref> that he would like to set up an svn-to-git mirror for a project on fedorahosted. The mirror was set up<ref>http://git.et.redhat.com</ref> and will be maintained by him at the Red Hat Emerging Technology Group webspace. It is not open for ssh access to people outside of Red Hat, so it's rather limited.
[[MikeMcGrath| Mike McGrath]] sent a link <ref>https://www.redhat.com/archives/fedora-announce-list/2009-March/msg00010.html</ref> to the list about the intrusion which was sent to the fedora-announce-list earlier.<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00277.html</ref>


<references/>
Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.


=== Change Requests ===
There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.


Due to the impending release of Fedora 11 beta, the infrastructure team is in a change freeze right now.
[[Dennis Gilmore|DennisGilmore]] started a similar thread about Auth Mechanims<ref>https://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00294.html</ref> on which he discussed using etoken or Yubikey for authentication.
 
It was a two factor authentication and therefore was more secure than passphrase or ssh keys.
The following change requests were made during the week:
 
1. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00139.html</ref> Change a piece of code in fas2 which would reduce a particular loop time from 5 mins to 8 seconds. This change was approved and the hotfix was put on the server.
 
2. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00148.html</ref>Add redirect from /legal/trademarks/guidelines to http://fedoraproject.org/wiki/Legal:Trademark_guidelines. This change was approved.
 
3. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00169.html</ref> Make transifex run under transifex user and not apache user. This change was also approved and committed.
 
4. <ref>
http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00179.html</ref> Change request to update transifex on app1 to the 0.5 version. The change was approved.
 
5. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00182.html</ref> Remove Fedora8 from the infofeed updates: Somehow fedora8 is still being looked for for the infofeed rss feed on planet.fedoraproject.org. This was approved and changes were made.
 
6. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00187.html</ref>Use single quotes for the mysql backup cronjob,this has been causing us to get extra cron spam (and stalling mysql updates). Again this change was approved and committed.
 
7. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00196.html</ref>Make sure inactive accounts can't auth to other webapps. Approved and committed.
 
8. <ref>http://www.redhat.com/archives/fedora-infrastructure-list/2009-March/msg00199.html</ref> Minor bodhi update. Changes include. Again approved and applied.


<references/>
<references/>

Latest revision as of 04:36, 6 April 2009

Infrastructure

This section contains the discussion happening on the fedora-infrastructure-list

http://fedoraproject.org/wiki/Infrastructure

Contributing Writer: Huzaifa Sidhpurwala

Intrusion update

Mike McGrath sent a link [1] to the list about the intrusion which was sent to the fedora-announce-list earlier.[2]

Mike said that he was waiting to discuss authentication mechanisms for the fedora-servers, Since passwords+ssh keys are not the most secure authentication mechanism. Also it seems that fedora does not have the budget for any RSA token like system for authentication.

There was a lot of discussion on this thread, with various people proposing different authentication mechanisms which could be used.

DennisGilmore started a similar thread about Auth Mechanims[3] on which he discussed using etoken or Yubikey for authentication. It was a two factor authentication and therefore was more secure than passphrase or ssh keys.