forrest-dev mailing list archives

From Dave Brondsema <d...@brondsema.net>
Subject Re: [Proposal] forrestbot at apache.org
Date Wed, 28 Jul 2004 15:30:26 GMT
On Wed, 28 Jul 2004, David Crossley wrote:

> It may be better to change the text on that page to qualify
> the statement about deployment until the issues are sorted out
> with infrastructure. The last time that forrestbot was discussed,
> everyone went off on a tangent over that.
>

I looked at some old forrestbot threads from the infrastructure list
(David provided them to me) and a lot of concern was about security.  We
need to make some improvements to the bot & webapp before it would be
useable ASF-wide.

Webapp authentication uses osuser, which is pluggable.  I can write a JAAS
authenticator which would allow logins to authenticate against /etc/passwd
and /etc/groups.

svn/cvs passwords (for committing) are trickier.  We could probably set up
the webapp to let a user type in a password, and pass that on to the bot.
But if the bot is run from a cron job, that won't work.  We don't want to
have plaintext passwords in files, nor private SVN keys, and we can't
prompt the user because this is automatic.  Does anybody have any ideas
for this?

-- 
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
http://csx.calvin.edu : student org
