Re: Need rsync anonymous access from Red Hat office in TLV
Hello All. Maybe it is time to start providing general anonymous access to resources over rsync protocol. Technically we can do the following: We now have resources files on a separate shared disk, we can create a new vm specially for rsync (and possible move all other protocols there) and then mount it read-only there so we mitigate any security risks and will never be able to change files from that vm. This is how we planned to improve resources initially. The only thing is that afaik rsync protocol is not authenticated and encrypted. There is nothing secret on resources, but the files might be tampered along the way and I am not sure all rpms there have crypto signatures. Anton. On Tue, May 10, 2016 at 3:13 PM, Dotan Paz <dpaz@redhat.com> wrote:
Hi, In order to support the RHEV CI's request to sync the repo to tlv, i'd need to have anonymous from tlv over rsync , IP : 82.81.161.50
Thanks
--
Dotan Paz , Systems Administrator Labs & Capital Management , PnT DevOps Red Hat inc.
-- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat
--p8PhoBjPxaQXD0vg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 05/10 15:21, Anton Marchukov wrote:
Hello All. =20 Maybe it is time to start providing general anonymous access to resources over rsync protocol. =20 Technically we can do the following: =20 We now have resources files on a separate shared disk, we can create a new vm specially for rsync (and possible move all other protocols there) and then mount it read-only there so we mitigate any security risks and will never be able to change files from that vm. This is how we planned to improve resources initially. =20 The only thing is that afaik rsync protocol is not authenticated and encrypted. There is nothing secret on resources, but the files might be tampered along the way and I am not sure all rpms there have crypto signatures.
Only the official releases are signed, though I'm not 100% sure that will ensure integrity (I guess it does though, would be easy and highly benefici= al)
=20 Anton. =20 =20 On Tue, May 10, 2016 at 3:13 PM, Dotan Paz <dpaz@redhat.com> wrote: =20
Hi, In order to support the RHEV CI's request to sync the repo to tlv, i'd need to have anonymous from tlv over rsync , IP : 82.81.161.50
Thanks
--
Dotan Paz , Systems Administrator Labs & Capital Management , PnT DevOps Red Hat inc.
=20 =20 --=20 Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
--=20 David Caro Red Hat S.L. Continuous Integration Engineer - EMEA ENG Virtualization R&D Tel.: +420 532 294 605 Email: dcaro@redhat.com IRC: dcaro|dcaroest@{freenode|oftc|redhat} Web: www.redhat.com RHT Global #: 82-62605 --p8PhoBjPxaQXD0vg Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJXMeFHAAoJEEBxx+HSYmnDfawH/R16hh8U7JOf7Jb6G5w0xqLr MJ6lb/isOdYrB9kxYd5urO3GyeHEhfNk/XMQLlAJI/Li4mVOxml3NGhqCX29DLfI sdhvPgFvJYyTsjT/BznPB2nksCnfnVLnwR4/VRGUe9Yngq8RAD6w2ed7mAFQw0Qe oLHZZLAYe6H8ldBkLRM7Ty3YBq4Udc5644XT8o51IXzlsvB2/8WenvS00hQz4E5X ljCpmfqXRnVMRBcMzZExlaZ6FEVX9+CQsTFqKVm7/WHzQjrab0pr4PFmbolGjeHy Ab2WMyP+ZMGHJAz/TYzwkoeuE+QHWBV5Rxm8BPC6+sF2aeRgKSVTFhan9NJO2CI= =wzVT -----END PGP SIGNATURE----- --p8PhoBjPxaQXD0vg--
http://ftp.snt.utwente.nl/ mentions rsync access so would rsync://ftp.snt.utwente.nl/pub/software/ovirt/ suffice? I think it's only synced daily, but we could ask them to sync more often. On Tue, May 10, 2016 at 03:21:10PM +0200, Anton Marchukov wrote:
Hello All.
Maybe it is time to start providing general anonymous access to resources over rsync protocol.
Technically we can do the following:
We now have resources files on a separate shared disk, we can create a new vm specially for rsync (and possible move all other protocols there) and then mount it read-only there so we mitigate any security risks and will never be able to change files from that vm. This is how we planned to improve resources initially.
The only thing is that afaik rsync protocol is not authenticated and encrypted. There is nothing secret on resources, but the files might be tampered along the way and I am not sure all rpms there have crypto signatures.
Anton.
On Tue, May 10, 2016 at 3:13 PM, Dotan Paz <dpaz@redhat.com> wrote:
Hi, In order to support the RHEV CI's request to sync the repo to tlv, i'd need to have anonymous from tlv over rsync , IP : 82.81.161.50
Thanks
--
Dotan Paz , Systems Administrator Labs & Capital Management , PnT DevOps Red Hat inc.
-- Anton Marchukov Senior Software Engineer - RHEV CI - Red Hat
_______________________________________________ Infra mailing list Infra@ovirt.org http://lists.ovirt.org/mailman/listinfo/infra
participants (3)
-
Anton Marchukov -
David Caro -
Ewoud Kohl van Wijngaarden