[arch-dev-public] [RFC] Moving repos to nymeria

Florian Pritz bluewind at xinu.at
Thu Sep 6 11:39:03 EDT 2012

On 06.09.2012 17:23, Stéphane Gaudreault wrote:
> Could we run sogrep on nymeria ?

I don't really see a benefit there. You can already run it on brynhild
and sogrep needs a databases which is updated via a cron job so you
probably won't even see a difference in update latency between the two.

> Also, could you please explain why browsing the repo in a shell account 
> will be disabled ? I found this very useful when moving a large number 
> of packages from staging/testing to extra/core.

The idea is to reduce the possible damage an attacker can cause if he
happens to obtain a dev's/TU's ssh key. Without a shell and only a few
whitelisted commands the box should be very safe. That allows us to use
a server stored signing key for the database without having to worry
about someone using a kernel exploit and gaining access to the key.

sftp will still be available so if all you want is a file list you can
use that. You can also run "sudo syncrepo" on brynhild to force a sync
at any time and then browse there.

Florian Pritz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-dev-public/attachments/20120906/516add88/attachment.asc>

More information about the arch-dev-public mailing list