* Write access from compile farm
@ 2010-12-04 10:11 Daniel Kraft
2010-12-04 17:28 ` Christopher Faylor
2010-12-05 0:21 ` Hans-Peter Nilsson
0 siblings, 2 replies; 9+ messages in thread
From: Daniel Kraft @ 2010-12-04 10:11 UTC (permalink / raw)
To: overseers
Hi,
some time ago I started using the GCC compile farm for development; so
I'm wondering whether it is ok to have SVN write access from the
accounts there -- or this is considered insecure. What are the policies
there?
As SVN write authentication is done with a public key, I guess that this
means you have to set the access up appropriately up for any machine I
want to use for check-in, right? So... in case the write-access from
compile farm is ok, can I generate a public key there and submit it to
you -- or what should I do?
Thanks a lot! Yours,
Daniel
--
http://www.pro-vegan.info/
--
Done: Arc-Bar-Cav-Kni-Ran-Rog-Sam-Tou-Val-Wiz
To go: Hea-Mon-Pri
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-04 10:11 Write access from compile farm Daniel Kraft
@ 2010-12-04 17:28 ` Christopher Faylor
2010-12-05 0:21 ` Hans-Peter Nilsson
1 sibling, 0 replies; 9+ messages in thread
From: Christopher Faylor @ 2010-12-04 17:28 UTC (permalink / raw)
To: overseers, Daniel Kraft
On Sat, Dec 04, 2010 at 11:18:25AM +0100, Daniel Kraft wrote:
>some time ago I started using the GCC compile farm for development; so
>I'm wondering whether it is ok to have SVN write access from the
>accounts there -- or this is considered insecure. What are the policies
>there?
>
>As SVN write authentication is done with a public key, I guess that this
>means you have to set the access up appropriately up for any machine I
>want to use for check-in, right? So... in case the write-access from
>compile farm is ok, can I generate a public key there and submit it to
>you -- or what should I do?
If you have write access already then just use the private key which you
already have.
cgf
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-04 10:11 Write access from compile farm Daniel Kraft
2010-12-04 17:28 ` Christopher Faylor
@ 2010-12-05 0:21 ` Hans-Peter Nilsson
2010-12-05 7:08 ` Christopher Faylor
1 sibling, 1 reply; 9+ messages in thread
From: Hans-Peter Nilsson @ 2010-12-05 0:21 UTC (permalink / raw)
To: Daniel Kraft; +Cc: overseers
On Sat, 4 Dec 2010, Daniel Kraft wrote:
> some time ago I started using the GCC compile farm for development; so I'm
> wondering whether it is ok to have SVN write access from the accounts there --
> or this is considered insecure. What are the policies there?
>
> As SVN write authentication is done with a public key, I guess that this means
> you have to set the access up appropriately up for any machine I want to use
> for check-in, right? So... in case the write-access from compile farm is ok,
> can I generate a public key there and submit it to you -- or what should I do?
Assuming those who set policies don't disagree, and you're
talking about interactive session (i.e. not a cron job or robot)
just forward the *auhentication session*, no need to forge a new
key or deal with copying keys. Look at what ssh says about its
-A option and ForwardAgent config. (It might even be the
default for you.) I'm not sure, but you might have to have
ssh-agent running.
(FWIW, no I wouldn't do that. I just copy the patch and commit
from my "console" machine. You say "tin-foil", I say "hats".)
brgds, H-P
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-05 0:21 ` Hans-Peter Nilsson
@ 2010-12-05 7:08 ` Christopher Faylor
2010-12-05 8:33 ` Christopher Faylor
` (4 more replies)
0 siblings, 5 replies; 9+ messages in thread
From: Christopher Faylor @ 2010-12-05 7:08 UTC (permalink / raw)
To: overseers, Daniel Kraft, Hans-Peter Nilsson
On Sat, Dec 04, 2010 at 07:21:35PM -0500, Hans-Peter Nilsson wrote:
>On Sat, 4 Dec 2010, Daniel Kraft wrote:
>
>> some time ago I started using the GCC compile farm for development; so I'm
>> wondering whether it is ok to have SVN write access from the accounts there --
>> or this is considered insecure. What are the policies there?
>>
>> As SVN write authentication is done with a public key, I guess that this means
>> you have to set the access up appropriately up for any machine I want to use
>> for check-in, right? So... in case the write-access from compile farm is ok,
>> can I generate a public key there and submit it to you -- or what should I do?
>
>Assuming those who set policies don't disagree, and you're
>talking about interactive session (i.e. not a cron job or robot)
>just forward the *auhentication session*, no need to forge a new
>key or deal with copying keys. Look at what ssh says about its
>-A option and ForwardAgent config. (It might even be the
>default for you.) I'm not sure, but you might have to have
>ssh-agent running.
This is actually a better way of doing this than what I suggested since
what I suggested means copying a private key to a semi-public machine.
>(FWIW, no I wouldn't do that. I just copy the patch and commit
>from my "console" machine. You say "tin-foil", I say "hats".)
Yeah, ditto, there too.
cgf
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-05 7:08 ` Christopher Faylor
@ 2010-12-05 8:33 ` Christopher Faylor
2010-12-05 18:28 ` Christopher Faylor
` (3 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Christopher Faylor @ 2010-12-05 8:33 UTC (permalink / raw)
To: overseers, Daniel Kraft, Hans-Peter Nilsson
On Sat, Dec 04, 2010 at 07:21:35PM -0500, Hans-Peter Nilsson wrote:
>On Sat, 4 Dec 2010, Daniel Kraft wrote:
>
>> some time ago I started using the GCC compile farm for development; so I'm
>> wondering whether it is ok to have SVN write access from the accounts there --
>> or this is considered insecure. What are the policies there?
>>
>> As SVN write authentication is done with a public key, I guess that this means
>> you have to set the access up appropriately up for any machine I want to use
>> for check-in, right? So... in case the write-access from compile farm is ok,
>> can I generate a public key there and submit it to you -- or what should I do?
>
>Assuming those who set policies don't disagree, and you're
>talking about interactive session (i.e. not a cron job or robot)
>just forward the *auhentication session*, no need to forge a new
>key or deal with copying keys. Look at what ssh says about its
>-A option and ForwardAgent config. (It might even be the
>default for you.) I'm not sure, but you might have to have
>ssh-agent running.
This is actually a better way of doing this than what I suggested since
what I suggested means copying a private key to a semi-public machine.
>(FWIW, no I wouldn't do that. I just copy the patch and commit
>from my "console" machine. You say "tin-foil", I say "hats".)
Yeah, ditto, there too.
cgf
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-05 7:08 ` Christopher Faylor
2010-12-05 8:33 ` Christopher Faylor
@ 2010-12-05 18:28 ` Christopher Faylor
2010-12-06 14:14 ` Christopher Faylor
` (2 subsequent siblings)
4 siblings, 0 replies; 9+ messages in thread
From: Christopher Faylor @ 2010-12-05 18:28 UTC (permalink / raw)
To: overseers, Daniel Kraft, Hans-Peter Nilsson
On Sat, Dec 04, 2010 at 07:21:35PM -0500, Hans-Peter Nilsson wrote:
>On Sat, 4 Dec 2010, Daniel Kraft wrote:
>
>> some time ago I started using the GCC compile farm for development; so I'm
>> wondering whether it is ok to have SVN write access from the accounts there --
>> or this is considered insecure. What are the policies there?
>>
>> As SVN write authentication is done with a public key, I guess that this means
>> you have to set the access up appropriately up for any machine I want to use
>> for check-in, right? So... in case the write-access from compile farm is ok,
>> can I generate a public key there and submit it to you -- or what should I do?
>
>Assuming those who set policies don't disagree, and you're
>talking about interactive session (i.e. not a cron job or robot)
>just forward the *auhentication session*, no need to forge a new
>key or deal with copying keys. Look at what ssh says about its
>-A option and ForwardAgent config. (It might even be the
>default for you.) I'm not sure, but you might have to have
>ssh-agent running.
This is actually a better way of doing this than what I suggested since
what I suggested means copying a private key to a semi-public machine.
>(FWIW, no I wouldn't do that. I just copy the patch and commit
>from my "console" machine. You say "tin-foil", I say "hats".)
Yeah, ditto, there too.
cgf
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-05 7:08 ` Christopher Faylor
2010-12-05 8:33 ` Christopher Faylor
2010-12-05 18:28 ` Christopher Faylor
@ 2010-12-06 14:14 ` Christopher Faylor
2010-12-06 17:36 ` Daniel Kraft
2010-12-06 19:25 ` Christopher Faylor
4 siblings, 0 replies; 9+ messages in thread
From: Christopher Faylor @ 2010-12-06 14:14 UTC (permalink / raw)
To: overseers, Daniel Kraft, Hans-Peter Nilsson
On Sat, Dec 04, 2010 at 07:21:35PM -0500, Hans-Peter Nilsson wrote:
>On Sat, 4 Dec 2010, Daniel Kraft wrote:
>
>> some time ago I started using the GCC compile farm for development; so I'm
>> wondering whether it is ok to have SVN write access from the accounts there --
>> or this is considered insecure. What are the policies there?
>>
>> As SVN write authentication is done with a public key, I guess that this means
>> you have to set the access up appropriately up for any machine I want to use
>> for check-in, right? So... in case the write-access from compile farm is ok,
>> can I generate a public key there and submit it to you -- or what should I do?
>
>Assuming those who set policies don't disagree, and you're
>talking about interactive session (i.e. not a cron job or robot)
>just forward the *auhentication session*, no need to forge a new
>key or deal with copying keys. Look at what ssh says about its
>-A option and ForwardAgent config. (It might even be the
>default for you.) I'm not sure, but you might have to have
>ssh-agent running.
This is actually a better way of doing this than what I suggested since
what I suggested means copying a private key to a semi-public machine.
>(FWIW, no I wouldn't do that. I just copy the patch and commit
>from my "console" machine. You say "tin-foil", I say "hats".)
Yeah, ditto, there too.
cgf
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-05 7:08 ` Christopher Faylor
` (2 preceding siblings ...)
2010-12-06 14:14 ` Christopher Faylor
@ 2010-12-06 17:36 ` Daniel Kraft
2010-12-06 19:25 ` Christopher Faylor
4 siblings, 0 replies; 9+ messages in thread
From: Daniel Kraft @ 2010-12-06 17:36 UTC (permalink / raw)
To: overseers, Daniel Kraft, Hans-Peter Nilsson
Hi,
Christopher Faylor wrote:
> On Sat, Dec 04, 2010 at 07:21:35PM -0500, Hans-Peter Nilsson wrote:
>> On Sat, 4 Dec 2010, Daniel Kraft wrote:
>>
>>> some time ago I started using the GCC compile farm for development; so I'm
>>> wondering whether it is ok to have SVN write access from the accounts there --
>>> or this is considered insecure. What are the policies there?
>>>
>>> As SVN write authentication is done with a public key, I guess that this means
>>> you have to set the access up appropriately up for any machine I want to use
>>> for check-in, right? So... in case the write-access from compile farm is ok,
>>> can I generate a public key there and submit it to you -- or what should I do?
>> Assuming those who set policies don't disagree, and you're
>> talking about interactive session (i.e. not a cron job or robot)
>> just forward the *auhentication session*, no need to forge a new
>> key or deal with copying keys. Look at what ssh says about its
>> -A option and ForwardAgent config. (It might even be the
>> default for you.) I'm not sure, but you might have to have
>> ssh-agent running.
>
> This is actually a better way of doing this than what I suggested since
> what I suggested means copying a private key to a semi-public machine.
thanks a lot for the useful tipps!
Yours,
Daniel
--
http://www.pro-vegan.info/
--
Done: Arc-Bar-Cav-Kni-Ran-Rog-Sam-Tou-Val-Wiz
To go: Hea-Mon-Pri
^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: Write access from compile farm
2010-12-05 7:08 ` Christopher Faylor
` (3 preceding siblings ...)
2010-12-06 17:36 ` Daniel Kraft
@ 2010-12-06 19:25 ` Christopher Faylor
4 siblings, 0 replies; 9+ messages in thread
From: Christopher Faylor @ 2010-12-06 19:25 UTC (permalink / raw)
To: Daniel Kraft, overseers, Hans-Peter Nilsson
Sorry for the duplication. I don't know why that happened. Guess it will be interesting
to see if this triggers it too.
cgf
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2010-12-05 18:28 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-12-04 10:11 Write access from compile farm Daniel Kraft
2010-12-04 17:28 ` Christopher Faylor
2010-12-05 0:21 ` Hans-Peter Nilsson
2010-12-05 7:08 ` Christopher Faylor
2010-12-05 8:33 ` Christopher Faylor
2010-12-05 18:28 ` Christopher Faylor
2010-12-06 14:14 ` Christopher Faylor
2010-12-06 17:36 ` Daniel Kraft
2010-12-06 19:25 ` Christopher Faylor
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).