January 2016 - Arch-devops - lists.archlinux.org

[arch-devops] Moving projects.archlinux.org to luna.archlinux.org
by Sébastien Luttringer 23 Apr '16

23 Apr '16

Hello, Florian suggested to move cgit and archweb to nymeria or luna. In this mail, I will only focus on cgit, better known as projects.archlinux.org. Currently: - the web interface is a cgit on gudrun. - http server is apache and run cgit via cgi-bin - cgit scan /srv/git for repositories - /srv/git is a NFS mountpoint from gerolde - so, the git repositories are on gerolde - users push to repos via ssh directly on gerolde. They will have to update their remotes url. - the total space of git repositories is about 730MiB Currently, my preference would be to move the storage and the web interface on the same host. I see more benefits than moving web interface on luna and git repo on nymeria. We don't eat the space twice and we have all the repo accessible under the projects.al.org dns. Nonetheless, if we move the storage to nymeria, we save the configuration of ssh access to all devs + externals to luna. Not sure if this is relevant if we move to accounts to ldap. Thoughts? Here is a short planning if we go through this option: 1) setup a new cgit on luna (with nginx and uwsgi) 2) copy repos for testing purpose 3) create gitshell access to users 4) plan official migration date 5) reduce dns ttl of projects.al.org 6) wait for it 7) cut write access to gerolde repo 8) final repo sync 9) update dns records and restore ttl 10) take a beer I see there is also dev.archlinux.org on gudrun that I could also move to luna too. Cheers, -- Sébastien "Seblu" Luttringer https://seblu.net | Twitter: @seblu42 GPG: 0x2072D77A

6 13

[arch-devops] Arch DevOps mailing list
by Sébastien Luttringer 23 Feb '16

23 Feb '16

Hello, A new arch-devops mailing list has been added to lists.archlinux.org. The list should be used to discuss Arch Linux infrastructure and operations topics. Permission scheme are based on arch-dev-public; list is open for subscription to anyone and writing only for Arch Linux Staff. So, the moderation flag should be removed by mail to be able to write. If you can't do it, ping me. Cheers, -- Sébastien "Seblu" Luttringer https://seblu.net | Twitter: @seblu42 GPG: 0x2072D77A

6 7

[arch-devops] restricted access to arch-security@archlinux.org for senders
by Christian Rebischke 14 Jan '16

14 Jan '16

Hello, I am Chris from Arch Linux Security Team and I want to ask for restricted acess for senders for the arch-security mailinglist.[1] We had different issues in the past on this list including: - neverending discussions.[2] - broken MTAs (the newest one). Some emails from somebody are bouncing back to the mailinglist.[3] That's the reason why the security-team want a whitelist for this mailinglist. Everybody can subscribe but sending to it should be restricted to avoid this issues. I would be fine with it if the restriction is for everyone except the Arch Linux Developers, Trusted Users, and staff. If you want even more agressive rules I would be also fine if only our security team and some developers can write to it. According to my mail on the arch-dev-public mailinglist the security mailinglist should be for Arch Linux Security Advisories only.[4] best regards Christian Rebischke Member of Arch Linux Security Team [1] arch-security(a)archlinux.org [2] https://lists.archlinux.org/pipermail/arch-security/2015-December/000441.ht… [3] https://paste.archlinux.de/KAV1/ [4] https://lists.archlinux.org/pipermail/arch-dev-public/2015-December/027581.…

2 1