Where's that guest?
by Mike McGrath
I've created a script (now on bastion) that will scan all of our xen
hosts and list what guests are on it. Just a reminder that we should be
naming guests at this point on by hostname. More scripts and monitoring
are on the way.
from bastion run:
scanXen.sh
-Mike
15 years, 11 months
Re: Error processing Fedora Account System email
by Axel Thimm
???
On Sat, Jun 30, 2007 at 01:15:34AM -0700, Fedora Account System wrote:
> With regards to "Re: You need to create a bugzilla account for Axel.Thimm(a)ATrpms.net".
>
> Your message could not be processed.
>
> Reason:
>
> The signature could not be processed. The signature may have been created or attached improperly, it might not match the key ID you have registered in the Account System, or the public key may not have been found on the key server. For guidance, please see the following page:
>
> http://fedoraproject.org/wiki/Infrastructure/AccountSystem/CLAHowTo
--
Axel.Thimm at ATrpms.net
15 years, 11 months
Re: You need to create a bugzilla account for Axel.Thimm@ATrpms.net
by Axel Thimm
As the mail admits this is amazingly stupid, unless someone wiped my
bugzilla account ...
On Sat, Jun 30, 2007 at 01:08:37AM -0400, accounts(a)fedora.redhat.com wrote:
>
> In order to make bugzilla components for Fedora-related programs, we need to have an existing bugzilla account for
> the listed owner. You (Axel.Thimm(a)ATrpms.net) do not have a bugzilla account, but are listed as the owner for the following components:
> Fedora (apt)
>
> Please create a bugzilla account for Axel.Thimm(a)ATrpms.net immediately, because this amazingly stupid cron job will keep sending you an
> e-mail every hour until you do :)
>
> - The management
--
Axel.Thimm at ATrpms.net
15 years, 11 months
xen guests on fpserv
by Seth Vidal
Hi folks,
I'm setting up the two xen instances we talked about running on fpserv:
planet - for the planet.fedoraproject.org site and for the infofeed
(along w/whatever else we come up with needing that on
people - for the fedorapeople.org domain and all the subdomains for
fedora accounts
Now - my questions are these:
1. what naming convention should I use for the xen guests on fpserv?
I was planning on using planetserv.fedoraproject.org and
peopleserv.fedoraproject.org is that okay or should these be xen1/2/3?
2. I was going to set it up such that planet had a small but
manageable amount of disk space and people had everything else - which
is about 260GB. Does that good to y'all? Is there anything else I should
be planning for?
thanks,
-sv
15 years, 11 months
IRC Meeting Text Formatter....
by David Douthitt
I've been trying to keep up with reading the IRC logs, but they aren't
the easiest to read.
So.... I turned to scripting and created a much easier to read format
based on the original text. The new format separates the text by
subject, tallies the attendees and reports on these at the end.
The script (called "irc") is in Ruby and is attached - it writes out a
file "irc.{mo}.{day}".
--
UNIX System Administrator
Linux+, SCSA, RHCE, LPIC-1
HP-UX, Linux, Solaris, FreeBSD
Books: "Advanced System Administration" and "GNU Screen: A Comprehensive Introduction"
http://www.lulu.com/ssrat
#!/usr/bin/ruby
message = STDIN.readlines.map { |x|
x.gsub!(/=\n$/,'')
x.gsub!(/=20/, ' ')
x.gsub!(/=3D/, '=')
x
}
x = `date "+irc.%m.%d"`
$stdout = File.open(x.chomp, "w+")
x = `date`.chomp
print x
attendees = Hash.new
joined = Hash.new
message.to_s.each { |x|
next unless (x =~ /^\[[0-9][0-9]:[0-9][0-9]\]/)
x.gsub!(/^\[..:..\] \* /, " * ")
if (/subject to (.*)/.match(x))
s = "SUBJECT: #{$1}"
print "\n\n#{s}\n#{"=" * s.size}\n\n"
elsif (/^\[..:..\] ([^ ]*) has joined /.match(x))
joined[$1] = 1
print x.gsub(/...:... /, " ")
elsif (/^\[..:..\] ([^: ]*) /.match(x))
print x.gsub(/...:... /, " ")
else
print x
# print x.gsub(/^...:... /, " ")
end
if (/^\[..:..\] ([^ :]*): /.match(x))
attendees[$1] = 1
end
}
total = (attendees.keys + joined.keys).sort.uniq
print "\n\nAttendees (#{total.size}): \n"
total.each { |x|
print "\t", x
if (joined.member?(x) && ! attendees.member?(x))
print " (nonspeaking)"
end
print "\n"
}
#message.each { |line|
# line.chomp!
# if (line =~ /=$/)
# line.chop!
# line += readline.chomp!
# end
#
# if (line =~ /set the subject to (.*)/)
# subj = $1;
# print "\n", subj, "\n\n";
# else
# print line, "\n";
# end
#}
15 years, 11 months
Streamlining Account Signup Process
by Ray Van Dolson
This question stems from a post on the CentOS mailing list -- a fellow
wanted to add a couple items to the EPEL Wishlist but wasn't sure how.
I suggested he get a Wiki account and add it himself (probably should
have just added it for him, but...). In any case, here's his rant:
http://lists.centos.org/pipermail/centos/2007-June/083203.html
I think I agree with him in spirit that getting a Wiki / FAS account
set up is a bit of a daunting process.
I pointed him here:
http://fedoraproject.org/wiki/WikiEditing#head-3d4b8815f923a8f137fb466901...
Which has links pointing to other lists of tasks to do -- it can get
rather spaghetti like, especially when you don't understand why you're
generating all these SSH keys and GPG keys, etc :)
My questions are as follows:
1. Is this the appropriate list to discuss this issue on?
2. Do you guys agree that the signup process is overly complex? Or
does the process partially serve to ensure that the candidate is
sufficiently motivated and persistent? :)
3. If so, can we discuss a way to simplify it?
Alternately...
4. Would maybe reorganizing the documentation for getting an account
be the most helpful in the short-term?
Also, maybe just a blurb on the EPEL wish list describing an easier way
to request package additions there would be helpful. Even if it's just
"join the mailing list and ask" or "ask on IRC". This is like a
question for epel-devel however.
I know one of your guys' overall goals has always been to get more
community involvement, so I figured this was a worthwhile question to
ask. I know I almost decided that it wasn't worth the effort to join
the FP after seeing all those steps for signup when I just wanted to
contribute one package initially (I'm happy I didn't bail btw)... I
imagine many others feel the same way.
Ray
PS: I know I haven't proposed any solutions. Still trying to wrap my
head around what those might be, but wanted to throw this out there.
15 years, 11 months
Firefox Search Plugin
by Michael Stahnke
I was looking for a firefox search plugin for the Fedora Wiki. I
checked google/mycroft and didn't find one already existed, so I built
my own.
http://www.stahnkage.com/fedora should get you to it.
If it doesn't work or needs updates, let me know. If it stinks (and
it probably does) let me know too. (Tested on F6/ FF 1.5)
stahnma
15 years, 11 months
koji errors
by Orion Poplawski
I'm getting the following frequently while using koji:
Mod_python error: "PythonHandler mod_python.publisher"
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/mod_python/apache.py", line
299, in HandlerDispatch
result = object(req)
File "/usr/lib/python2.4/site-packages/mod_python/publisher.py", line
213, in handler
published = publish_object(req, object)
File "/usr/lib/python2.4/site-packages/mod_python/publisher.py", line
412, in publish_object
return publish_object(req,util.apply_fs_data(object, req.form,
req=req))
File "/usr/lib/python2.4/site-packages/mod_python/util.py", line 439,
in apply_fs_data
return object(**args)
File "/usr/share/koji-web/scripts/index.py", line 798, in buildinfo
rpms = server.listBuildRPMs(build['id'])
File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1075,
in __call__
return self.__func(self.__name,args,opts)
File "/usr/lib/python2.4/site-packages/koji/__init__.py", line 1300,
in _callMethod
return proxy.__getattr__(name)(*args)
File "/usr/lib/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib/python2.4/xmlrpclib.py", line 1137, in request
headers
ProtocolError:
Clears eventually after enough retries.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA/CoRA Division FAX: 303-415-9702
3380 Mitchell Lane orion(a)cora.nwra.com
Boulder, CO 80301 http://www.cora.nwra.com
15 years, 11 months
Fedora Infrastructure IRC Meeting Log from 2007-06-28
by Jeffrey Ollie
[15:01] mmcgrath has set the subject to Fedora Infrastructure -- Who's here
[15:01] mmcgrath: ping all, who's here?
[15:01] * skvidal is here
[15:02] * xDamox is here
[15:02] * Bob-Laptop is not here but does not really count yet
[15:02] mmcgrath: paulobanon, dgilmore, mbonnet__, mbonnet, abadger1999, f13: ping
[15:02] * paulobanon is here
[15:03] notting has joined the group chat (n=notting@redhat/notting)
[15:03] * abadger1999 is here
[15:03] mmcgrath: allright
[15:04] mmcgrath has set the subject to Fedora Infrastructure -- Ticketing System
[15:04] mmcgrath: Lets talk about this and try to come to a conclusion today.
[15:04] * mmcgrath notes the schedule - http://fedoraproject.org/wiki/Infrastructure/Schedule
[15:04] mmcgrath: So here's my current concern.
[15:04] mmcgrath: I'm getting a lot of emails for requests for stuff that anyone in the team could do.
[15:05] mmcgrath: So as we discussed on the list the options are moving to a mailing list or trac.
[15:05] mmcgrath: What do you guys think? (you don't have to be in the Infrastructure team to have a comment on this)
[15:05] paulobanon: trac for me
[15:06] skvidal: I can adapt to either - I think a list is easy - but if there's an rss feed for trac I'll accept that
[15:06] mmcgrath: skvidal: good question.
[15:06] mmcgrath: f13: does track have an rss feeder?
[15:07] * mmcgrath thinks f13 is away.
[15:07] skvidal: Indeed
[15:07] abadger1999: trac has an rss feed for timeline. Not sure if tickets show up in timeline or not.
[15:07] paulobanon: http://trac.edgewall.org/wiki/TracRss
[15:07] mmcgrath: abadger1999: are you a trac fan or a mail list fan?
[15:08] paulobanon: yes it support tickets
[15:08] abadger1999: We need to have both a ml and ticketing system.
[15:09] mmcgrath: k, so I'll work on getting a trac system setup and properly configured with Infrastructure for us to take a look at. We can decide to keep it and announce it hopefully next week.
[15:09] paulobanon: sounds good
[15:10] mmcgrath: ok, moving on.
[15:10] mmcgrath has set the subject to Fedora Infrastructure -- Package Database
[15:10] mmcgrath: abadger1999: how are you and G doing?
[15:11] G: I've been a little bit on hold, I've got next week off, so I hope to dedicate a bit of time to it
[15:11] mmcgrath: G: cool.
[15:11] mmcgrath: G: where are you two currently running tests from?
[15:12] G: Toshio created a hosted instance though (http://hosted.fedoraproject.org/projects/packagedb
[15:12] G: err. test3 I think
[15:12] mmcgrath: test3, k.
[15:12] mmcgrath: k, moving on.
[15:13] mmcgrath: Nothing new in configuration managemnt.
[15:13] mmcgrath has set the subject to Fedora Infrastructure -- VCS choice
[15:13] mmcgrath: jcollie: ping
[15:13] jcollie: mmcgrath, wassup?
[15:13] jcollie: oops
[15:14] mmcgrath: I'm going to have some publictest1 space for you soon for http://fedoraproject.org/wiki/Infrastructure/RFR/GitPackageVCS
[15:14] jcollie: on a phone call, but no progress since last week
[15:14] jcollie: mmcgrath, thanks!
[15:14] mmcgrath: jcollie: k, can you apply for the sysadmin-test group when you get a mment?
[15:14] jcollie: sure
[15:14] * mmcgrath will continue
[15:15] mmcgrath has set the subject to Fedora Infrastructure -- Firewall system rewrite
[15:15] mmcgrath: xDamox: how's all that going?
[15:15] mmcgrath: and the new custom rules?
[15:15] xDamox: mmcgrath, just got to get skvidal to check over this torrent policy
[15:15] skvidal: xDamox: I did check it over
[15:15] skvidal: is there a new one?
[15:15] xDamox: the one in my home dir?
[15:16] xDamox: on lockbox
[15:16] abadger1991 has joined the group chat (n=abadger1(a)068.187-78-65.ftth.swbr.surewest.net)
[15:16] riel has joined the group chat (n=riel(a)bree.surriel.com)
[15:16] skvidal: did you tell me about those before today?
[15:16] skvidal: I looked at what we talked about before
[15:16] xDamox: nope
[15:16] skvidal: oh, okay
[15:16] xDamox: I was going to email you tonight
[15:17] MrBawb has joined the group chat (i=abob(a)guppy.drown.org)
[15:17] skvidal: yes, continue with that plan
[15:17] skvidal:
[15:17] skvidal: thank you
[15:17] mmcgrath:
[15:17] xDamox: if your happy I can check them in to puppet and firewall will be done
[15:17] * dgilmore is here
[15:17] * abadger1991 back
[15:18] mmcgrath: xDamox: excellent.
[15:18] skvidal: cool-mo-dee
[15:18] xDamox:
[15:18] mmcgrath: xDamox: anything else?
[15:18] xDamox: do you want any firewall rules applied to xen?
[15:19] JSchmitt has joined the group chat (n=s4504kr(a)p54B1127B.dip0.t-ipconnect.de)
[15:19] xDamox: XEN are the only hosts without firewall rules
[15:19] dgilmore: xDamox: yes but we need to work out what
[15:19] xDamox: yea not a problem
[15:19] mmcgrath: ahhh yes.
[15:19] mmcgrath: So here's the problems to overcome.
[15:19] mmcgrath: We'd like to be able to block traffic from the xen guests at the xen host.
[15:19] dgilmore: xDamox: we have some guests we want almost no access to others inside the colo
[15:20] mmcgrath: Note, the xen guests will move around so its probably smart to have the same rules on all xen hosts.
[15:20] dgilmore: probbaly need to use ebtables on the xen bridge
[15:20] xDamox: Ok
[15:20] mmcgrath: and 2) the interface name might change when migrating around so rules based off of interface won't work.
[15:20] mmcgrath: ip rules off of IP are easy to circumvent
[15:20] mmcgrath: ip rules off of mac may be spoofable (but could be our best bet)
[15:21] mmcgrath: Any suggestions there?
[15:21] xDamox: I would go with MAC addresses
[15:21] dgilmore: mac address absed rules on the bridges
[15:21] xDamox: that would be the best bet
[15:22] mmcgrath: dgilmore: ahh, very true.
[15:22] fchiulli has left ("CGI:IRC (Ping timeout)" (i=824c400f(a)gateway/web/cgi-irc/ircatwork.com/x-63cc1cf3a5d2721f))
[15:22] warren: The guests cannot change their MAC
[15:22] warren: ?
[15:22] mmcgrath: ok, so we can work on those when the time comes.
[15:22] mmcgrath: warren: the guest can probably change it but the host won't honor it.
[15:22] warren: ah
[15:22] mmcgrath: at least in theory, we'll have to test that.
[15:22] warren: sounds like a plan
[15:23] warren: You might not need to use ebtables though
[15:23] warren: I've used iptables MAC module before
[15:23] fchiulli has joined the group chat (i=824c400f(a)gateway/web/cgi-irc/ircatwork.com/x-1f7399ce8f2ba354)
[15:23] dgilmore: warren: ona bridge?
SmootherFrOgZ_id is now known as SmootherFrOgZ
[15:23] warren: dgilmore, oh, good question.
[15:23] warren: It is worth trying though
[15:24] warren: If it works, that's one less additional thing to track
[15:24] mmcgrath: <now> we should take this to the list.
[15:24] warren: agreed
[15:24] dgilmore: mmcgrath: quite possibly we could do rules for known macs we want to allow access then deny everything else
[15:25] abadger1999 has left (No route to host (n=abadger1(a)068.187-78-65.ftth.swbr.surewest.net))
[15:25] mmcgrath: dgilmore: thats true, its good to know we have options. We'll just have to find the solution thats best for our environment.
[15:25] dgilmore: so if they change mac and its honored we still drop
[15:25] mmcgrath: <nod>
[15:25] mmcgrath: I skipped one item
[15:25] paulobanon: +1
[15:25] mmcgrath has set the subject to Fedora Infrastructure -- DB1 upgrade
[15:25] mmcgrath: mbonnet__: ping?
[15:25] mmcgrath: mbonnet: ?
[15:25] lennert: iptables can filter on --mac-source on input/forward, anything more fancy needs ebtables
abadger1991 is now known as abadger1999
[15:25] mmcgrath: Right now we're just waiting on the ok from mbonnet to make sure the new postfix version will support koji.
[15:26] mbonnet__: mmcgrath: sorry, in a meeting
[15:26] mmcgrath: mbonnet__: no worries, I'll just move to the next item.
[15:26] mmcgrath: but thats where db1 is at right now.
[15:26] mmcgrath has set the subject to Fedora Infrastructure -- Server Upgrades
[15:26] abadger1999: s/postfix/postgres/
[15:26] warren: mmcgrath, what about postfix doesn't support koji?
[15:26] mmcgrath: abadger1999: err yes
[15:26] warren: oh
[15:26] warren: =)
[15:26] * mmcgrath has post on the mind
[15:27] mmcgrath: So I'm working with the soc on some items with the server upgrade.
[15:27] dgilmore: mmcgrath: for what its worth my koji install has a FC-6 based postgres
[15:27] paulobanon: i think everyone got confused with that one
[15:27] mmcgrath: dgilmore: excellent.
[15:27] mmcgrath: The new disk tray for our builders came in and is now in use.
[15:27] dgilmore: running on sparc but its FC-6
[15:27] dgilmore:
[15:27] mmcgrath: 2.0T 691G 1.3T 35% /mnt/ntap-fedora1/fedora
[15:27] dgilmore: f13: dont fill it
[15:27] warren: sparc?
[15:28] dgilmore: warren: yes sparc
[15:28] mmcgrath: I think there's some koji work to enable better garbage collection. Keep in mind whats in our 691G of space right now.
[15:28] mmcgrath: Just Fedora 7.
[15:28] mmcgrath: well and some other stuff.
[15:29] dgilmore: mmcgrath: rawhide also
[15:29] mmcgrath: Also I'm working with the soc to get some warranty stuff figured out. There's some server's I need to double check.
[15:29] mmcgrath: <nod> rawhide.
[15:29] mmcgrath: which right now is basically F7
[15:29] mmcgrath has set the subject to Fedora Infrastruture -- Xen Conversions
[15:29] mmcgrath: I've converted a few more boxes to the iscsi share. We're up to...
[15:30] mmcgrath: 12 hosts at present.
[15:30] mmcgrath: many of them test, a few of them are production.
[15:30] paulobanon: how many left _
[15:30] paulobanon: ?
[15:31] mmcgrath: paulobanon: depends, I don't have a final count right now but by the time we get the server upgrades the target number will change drastically.
[15:31] paulobanon: k k
[15:31] mmcgrath: thats all the priority 1 stuff
[15:31] mmcgrath: Nothing new on bacula
[15:31] mmcgrath: translators stuff is still going well
[15:31] mmcgrath: nothing new on accoutns
[15:32] skvidal: did everyone look to make sure they had all their stuff off of fpserv?
[15:32] mmcgrath: f13 isn't around but I suspect nothing terribly new on hosted.
[15:32] skvidal: I emailed about it but didn't get any response
[15:32] mmcgrath has set the subject to Fedora Infrastruture -- FedoraPeople.org
[15:32] mmcgrath: skvidal: everything I have on there should be vanishable
[15:33] skvidal: okie doke
[15:33] skvidal: I'll take that as definitive
[15:33] mmcgrath: heh
[15:33] paulobanon: kill fpserv!
[15:33] paulobanon:
[15:33] mmcgrath has set the subject to Fedora Infrastructure -- Ibiblio Mirror
[15:33] skvidal: thank you
[15:33] mmcgrath: I've been laxed on this, I just need to test that they have everything exported correctly.
[15:34] mmcgrath: then find some testers.
[15:34] mmcgrath: So thats all the stuff on the schedule.
[15:34] mmcgrath has set the subject to Fedora Infrastructure -- Open Floor
[15:34] mmcgrath: Anyone have anything they'd like to discuss?
[15:34] dgilmore: skvidal: i had nothing on fpserv
[15:34] skvidal: dgilmore: cool
[15:34] mmcgrath: notting: ping
[15:34] skvidal: dgilmore: I just wanted to be sure
[15:35] notting: mmcgrath: yes?
[15:36] paulobanon: whats with all priority 3 stuff ? is it something that we even want to have there and move it to a thinking about it section ?!
[15:36] paulobanon: s/and/or
[15:36] mmcgrath: notting: do you have a moment to discuss the signing server?
[15:37] mmcgrath: paulobanon: I don't know what is with that stuff.
[15:37] mmcgrath: paulobanon: that reminds me though can you add the wiki cla stuff you're doing with quaid to the list in priority 2?
[15:37] paulobanon: yup
[15:37] notting: mmcgrath: sure
[15:38] mmcgrath: notting: just give us a quick overview of what you guys are doing, what you'll need and what problem it solves.
[15:39] notting: ok
[15:39] notting: first of all, lots of info at http://fedoraproject.org/wiki/JesseKeating/SigningServerSpecDraft
[15:39] mmcgrath: ohhh, very nice.
[15:40] notting: the idea is that instead of just handing out gpg keys and passphrases, we use a signing server to sign packages
[15:40] * warren yay!
[15:40] notting: this server will have lists of what people (FAS accounts) are allowed to sign with what keys
[15:40] notting: there is some code that RH has
[15:40] notting: however, to use a) FAS b) koji it's going to take a lot of hacking. might just need redone
[15:41] notting: what we need: a locked down box with very limited access
[15:41] notting: as the box will need to have private keys on it
[15:41] warren: So outside of the normal FI authentication
[15:42] warren: sysadmin-main shouldn't be able to login as root
[15:42] rdieter has joined the group chat (n=rdieter(a)ip68-110-20-4.om.om.cox.net)
[15:42] paulobanon: notting: its the RFR/FedoraCertificateSystem right ?!
[15:42] mmcgrath: warren: Doesn't have to be. We don't have to include sysadmin-main
[15:42] notting: probably not
jwb is now known as jwb_gone
[15:42] mmcgrath: warren: oh, nm, I think we're talking about the same thing
[15:42] dgilmore: warren: no one should log in as root on any box unless its to fix something broken
[15:42] warren: dgilmore, true
couf is now known as couf_afk
[15:43] warren: mmcgrath, I mean... regular sysadmins or people who could mess with the account system shouldn't be able to grant access to the signing server.
[15:43] mmcgrath: notting: we can work on that part. I've also considered looking into something like two factor authentication for the signers.
[15:43] notting: yeah, it's sort of up in the air how much auth we want from the signers w.r.t FAS (ssh key + fas user/pw? more?)
[15:43] mmcgrath: notting: will the private keys been encrypted?
[15:44] paulobanon: SELinux it hard
[15:44] notting: mmcgrath: as much as any gpg private keys are
[15:44] mmcgrath: k, so we'll just have to discuss and find what solution works best for us.
[15:44] notting: the box does *not* need to be public facing, but it will need to be accessible from the colo so people can request sigs
[15:44] mmcgrath: notting: do you guys have a time frame on any of this yet?
[15:44] notting: wait, strike that
[15:44] warren: signing server shouldn't be connected or depend on FAS at all
[15:45] JSchmitt_ has joined the group chat (n=s4504kr(a)p54B11AD8.dip0.t-ipconnect.de)
[15:45] notting: if we want people to sign who don't have some sort of bastion access, i suppose it does need to be public
[15:45] mmcgrath: notting: going through bastion won't be an issue.
[15:45] fab has left (Read error: 104 (Connection reset by peer) (n=bellet(a)bellet.info))
[15:45] fab_ has left (Read error: 104 (Connection reset by peer) (n=bellet(a)bellet.info))
[15:45] notting: mmcgrath: considering we don't have server code yet, no.
[15:45] tibbs has left ("Konversation terminated!" (i=tibbs@fedora/tibbs))
[15:45] warren: notting, we could abstract access through koji or something.
[15:45] warren: notting, koji keeps track of what wants signing
[15:46] notting: warren: koji has click-through cert auth. makes it *TRIVIAL* to impersonate someone with merely phyiscal access to their box
[15:46] warren: notting, oh, I meant requesting signs, not actual signing.
[15:46] mmcgrath: notting: we'll keep it on our radar for now. let us know when it becomes more... imminent
[15:46] warren: notting, isn't it safe to assume that someone trusted to do actual signing should have bastion access?
[15:47] mmcgrath: notting: we could look at physical key requirements as well. How many signers do you suspect we'll have?
[15:47] notting: warren: in that they're trusted enough to have bastion access, yes, however, it's entirely possible that they wouldn't have needed it for anything else
[15:48] notting: mmcgrath: dunno. more than 2, less than 10.
[15:48] mmcgrath: <nod>
[15:48] mmcgrath: notting: thanks, we'll keep our eyes out for it.
[15:48] mmcgrath: In the meantime does anyone have anything else they'd like to discuss?
[15:48] mmcgrath: paulobanon: you had something?
[15:48] mmcgrath: oh the priority 3 stuff
[15:48] warren: ssh with pubkey -> somehost, where they don't see a shell, it asks for a passphrase that is private for each signer.
[15:49] paulobanon: cant we take a quick tour on that and on the not implemented RFRs
[15:49] paulobanon: and see what can or not be done
[15:49] mmcgrath: sure, so a lot of those things are just sort of on hold.
[15:49] mmcgrath: the priority 3 stuff.
[15:49] paulobanon: cause for someone not on the list for long, it looks like we do nothing
[15:49] paulobanon: since that never changes
[15:49] mmcgrath: I can confirm that postfix, finoc, mailman and speeding up the wiki are on hold or blocking on other people.
[15:50] mmcgrath: lmacken: ping?
[15:50] fab has joined the group chat (n=bellet(a)bellet.info)
[15:50] mmcgrath: rhlinux.redhat.com migration is the same thing as the elvis stuff. thats going on.
[15:50] paulobanon: FedoraPasteBin - everyone uses pastebin, we still interested in having our one ?
[15:50] mmcgrath: the look and feel stuff ricky is working on (though not aorund)
[15:50] mmcgrath: yeah, I think it would be good to have our own. Just have to install it I suppose.
[15:51] mmcgrath: and these are the RFR's - http://fedoraproject.org/wiki/Infrastructure/Schedule?action=fullsearch&c...
[15:51] paulobanon: no need for that big url
[15:51] paulobanon: just go for /RFR/
[15:51] paulobanon: you have all if you scroll down
[15:51] paulobanon: i added all of them there
[15:52] paulobanon: until 2 weeks ago i think
[15:52] mmcgrath: paulobanon: but some are missing.
[15:52] mmcgrath:
[15:52] paulobanon: ill update it later then
[15:52] paulobanon: requesters should add the link there
[15:52] mmcgrath: so those are the rfr's. Some are taken, some aren't. Most are just waiting for worker bees.
[15:52] paulobanon: lazy guys
[15:53] mmcgrath: paulobanon: I actually skipped doing the list that way just because its so easy to do a search for "Infrastructure/RFR"
[15:53] paulobanon: where do u want the pastebin ? i can talk with lmacken to have it deployed
[15:53] mmcgrath: paulobanon: go ahead and contact luke. see what he says.
[15:53] dgilmore: paulobanon: we were going to integrate it waith fas
[15:53] paulobanon: will do
[15:53] warren: dgilmore, cool, limit spam.
[15:54] mmcgrath: dgilmore: we can let apache do that if we want, should be pretty easy.
[15:54] dgilmore: paulobanon: i think thats the main reason it stalled
[15:54] dgilmore: mmcgrath: yeah i think skvidal has some turbogears app he wanted to use
[15:54] * mmcgrath seems to remember some of that.
[15:54] skvidal: dgilmore: a loooooooong time ago
[15:54] warren: dgilmore, I saw other pastebins without auth used by random people as a way to store links to warez
[15:54] dgilmore: mmcgrath: abadger1999's fedora-python stuff should help
[15:55] dgilmore: warren: sure
[15:55] mmcgrath: yep, the fedora-python stuff is beautiful. And very easy to use.
[15:55] paulobanon: cant we limit access the same way we limit access to teh cgi's in the admin site ?
[15:55] mmcgrath: Ok, we've got a couple of minutes left. Anyone else have anything they'd like to discuss?
[15:55] dgilmore: skvidal: so now your a RHer you can get er done
[15:55] skvidal: dgilmore: heh, I'll put it on my list
[15:56] * dgilmore has nothing
[15:56] skvidal: just not ultra-highpriority, ok?
[15:56] dgilmore: skvidal: sure
[15:56] abadger1999: mmcgrath: People have been getting interested in FAS2 recently. But the instance on the test servers is down and we need to have a list of FAS tasks they can jump in to work on.
[15:56] mmcgrath: abadger1999: I haven't had anyone contact me with help. The fas link should be back up in a bit actually.
[15:57] abadger1999: Cool.
[15:57] paulobanon: should we create a Tasks list like the other SIGs have ?!
[15:57] paulobanon: instead of having everything in the schedule
[15:58] paulobanon: if we are gonna test trac, we could convert the current schedule in tasks, and get a proper schedule with milestones in Trac
[15:58] mmcgrath: paulobanon: We'll have to see more when we get into Trac.
[15:58] mmcgrath: The thing about schedules is that its always been around and we've always used it, when OTRS came around we just ignored it.
[15:59] mmcgrath: I guess we'll just have to set it up and see if we can get our team to actually use it.
[15:59] paulobanon: true
[15:59] mmcgrath: Ok, we're about to run over time.
[15:59] mmcgrath: If no one has anything pressing I'll close the meeting in 30
[15:59] mmcgrath: 10
[15:59] mmcgrath:
[15:59] fchiulli has left ( (i=824c400f(a)gateway/web/cgi-irc/ircatwork.com/x-1f7399ce8f2ba354))
[16:00] mmcgrath has set the subject to Meeting closed
[16:00] mmcgrath: thanks for coming guys.
15 years, 11 months
