4:21 p.m.
Hello All.
Maybe it is time to start providing general anonymous access to resources
over rsync protocol.
Technically we can do the following:
We now have resources files on a separate shared disk, we can create a new
vm specially for rsync (and possible move all other protocols there) and
then mount it read-only there so we mitigate any security risks and will
never be able to change files from that vm. This is how we planned to
improve resources initially.
The only thing is that afaik rsync protocol is not authenticated and
encrypted. There is nothing secret on resources, but the files might be
tampered along the way and I am not sure all rpms there have crypto
signatures.
Anton.
On Tue, May 10, 2016 at 3:13 PM, Dotan Paz <dpaz(a)redhat.com> wrote:
Hi,
In order to support the RHEV CI's request to sync the repo to tlv, i'd
need to have anonymous from tlv over rsync , IP : 82.81.161.50
Thanks
--
Dotan Paz , Systems Administrator
Labs & Capital Management ,
PnT DevOps
Red Hat inc.
--
Anton Marchukov
Senior Software Engineer - RHEV CI - Red Hat
4:25 p.m.
New subject: Need rsync anonymous access from Red Hat office in TLV
--p8PhoBjPxaQXD0vg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On 05/10 15:21, Anton Marchukov wrote:
Hello All.
=20
Maybe it is time to start providing general anonymous access to resources
over rsync protocol.
=20
Technically we can do the following:
=20
We now have resources files on a separate shared disk, we can create a new
vm specially for rsync (and possible move all other protocols there) and
then mount it read-only there so we mitigate any security risks and will
never be able to change files from that vm. This is how we planned to
improve resources initially.
=20
The only thing is that afaik rsync protocol is not authenticated and
encrypted. There is nothing secret on resources, but the files might be
tampered along the way and I am not sure all rpms there have crypto
signatures.
Only the official releases are signed, though I'm not 100% sure that will
ensure integrity (I guess it does though, would be easy and highly benefici=
al)
=20
Anton.
=20
=20
On Tue, May 10, 2016 at 3:13 PM, Dotan Paz <dpaz(a)redhat.com> wrote:
=20
> Hi,
> In order to support the RHEV CI's request to sync the repo to tlv, i'd
> need to have anonymous from tlv over rsync , IP : 82.81.161.50
>
> Thanks
>
> --
>
> Dotan Paz , Systems Administrator
> Labs & Capital Management ,
> PnT DevOps
> Red Hat inc.
>
>
>
>
=20
=20
--=20
Anton Marchukov
Senior Software Engineer - RHEV CI - Red Hat
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
--=20
David Caro
Red Hat S.L.
Continuous Integration Engineer - EMEA ENG Virtualization R&D
Tel.: +420 532 294 605
Email: dcaro(a)redhat.com
IRC: dcaro|dcaroest@{freenode|oftc|redhat}
Web: www.redhat.com
RHT Global #: 82-62605
--p8PhoBjPxaQXD0vg
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJXMeFHAAoJEEBxx+HSYmnDfawH/R16hh8U7JOf7Jb6G5w0xqLr
MJ6lb/isOdYrB9kxYd5urO3GyeHEhfNk/XMQLlAJI/Li4mVOxml3NGhqCX29DLfI
sdhvPgFvJYyTsjT/BznPB2nksCnfnVLnwR4/VRGUe9Yngq8RAD6w2ed7mAFQw0Qe
oLHZZLAYe6H8ldBkLRM7Ty3YBq4Udc5644XT8o51IXzlsvB2/8WenvS00hQz4E5X
ljCpmfqXRnVMRBcMzZExlaZ6FEVX9+CQsTFqKVm7/WHzQjrab0pr4PFmbolGjeHy
Ab2WMyP+ZMGHJAz/TYzwkoeuE+QHWBV5Rxm8BPC6+sF2aeRgKSVTFhan9NJO2CI=
=wzVT
-----END PGP SIGNATURE-----
--p8PhoBjPxaQXD0vg--
4:26 p.m.
New subject: Need rsync anonymous access from Red Hat office in TLV
http://ftp.snt.utwente.nl/ mentions rsync access so would
rsync://ftp.snt.utwente.nl/pub/software/ovirt/ suffice? I think it's
only synced daily, but we could ask them to sync more often.
On Tue, May 10, 2016 at 03:21:10PM +0200, Anton Marchukov wrote:
Hello All.
Maybe it is time to start providing general anonymous access to resources
over rsync protocol.
Technically we can do the following:
We now have resources files on a separate shared disk, we can create a new
vm specially for rsync (and possible move all other protocols there) and
then mount it read-only there so we mitigate any security risks and will
never be able to change files from that vm. This is how we planned to
improve resources initially.
The only thing is that afaik rsync protocol is not authenticated and
encrypted. There is nothing secret on resources, but the files might be
tampered along the way and I am not sure all rpms there have crypto
signatures.
Anton.
On Tue, May 10, 2016 at 3:13 PM, Dotan Paz <dpaz(a)redhat.com> wrote:
> Hi,
> In order to support the RHEV CI's request to sync the repo to tlv, i'd
> need to have anonymous from tlv over rsync , IP : 82.81.161.50
>
> Thanks
>
> --
>
> Dotan Paz , Systems Administrator
> Labs & Capital Management ,
> PnT DevOps
> Red Hat inc.
>
>
>
>
--
Anton Marchukov
Senior Software Engineer - RHEV CI - Red Hat
_______________________________________________
Infra mailing list
Infra(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/infra
3118
days inactive
3118
days old
2 comments
3 participants
participants (3)
-
Anton Marchukov -
David Caro -
Ewoud Kohl van Wijngaarden