On 06.09.2012 17:23, Stéphane Gaudreault wrote:
Could we run sogrep on nymeria ?
I don't really see a benefit there. You can already run it on brynhild and sogrep needs a databases which is updated via a cron job so you probably won't even see a difference in update latency between the two.
Also, could you please explain why browsing the repo in a shell account will be disabled ? I found this very useful when moving a large number of packages from staging/testing to extra/core.
The idea is to reduce the possible damage an attacker can cause if he happens to obtain a dev's/TU's ssh key. Without a shell and only a few whitelisted commands the box should be very safe. That allows us to use a server stored signing key for the database without having to worry about someone using a kernel exploit and gaining access to the key. sftp will still be available so if all you want is a file list you can use that. You can also run "sudo syncrepo" on brynhild to force a sync at any time and then browse there. -- Florian Pritz