Re: [PATCH]URL is unavailable

[Konstantin Ryabitsev]

On 13/09/12 05:32 AM, Borislav Petkov wrote:
> My memory is hazy on this, but after the move, what's the policy on
> enabling users.kernel.org or userweb.kernel org or some other user web
> serving thing? I vaguely remember that we don't want to do this anymore
> but I'm not sure.

Well, as such system would be the largest security risk, it's
understandable that we're, err... reticent to have it up anywhere near
the rest of the infrastructure. :) We do have ssh enabled on two systems
that require git and release management, but anyone ssh'ing in never
gets a real shell and is severely locked down with SELinux.

> In any case, if we do, it would probably be better to have a whole
> different machine for such stuff and let users upload their stuff again
> without touching the old backups at all...

A better question is -- what is the problem we are trying to solve? We
are not in the business of providing free web hosting -- our aim is to
facilitate kernel development. We already provide a mechanism for git
trees and release tarballs. What is lacking is a simple way to publish
documentation -- it can be currently done with kup, but it's poorly
suited for uploading and managing many small files.

We already have a skeleton implementation of pulling such docs from git
trees (e.g. git docs are published that way). It's on my list of things
to extend this to a more universal and versatile system that would make
it easy for anyone to publish arbitrary documentation via their git
access -- perhaps on a subdomain like docs.kernel.org/treename/[etc]. We
can even require the use of "git tag -s" -- this will give us both
adequate security and history of changes.

I think this would be a better approach than allowing unfettered ssh
access and upload of arbitrary files.

Regards,
-- 
Konstantin Ryabitsev
Systems Administrator
Linux Foundation, kernel.org
MontrÃal, QuÃbec

Attachment: signature.asc
Description: OpenPGP digital signature