www-jcp-open mailing list archives

From Daniel Kulp <dk...@apache.org>
Subject Distributing TCK materials ideas....
Date Wed, 21 Apr 2010 01:13:36 GMT

In the current process, obtaining a new TCK artifact generally involves:

1) Request it from Geir
2) He downloads it from Sun and sticks it in your home directory
3) He sends you an email saying it's there (or worse: sends a note to jcp-open 
saying it's there so the world sees)
4) You download it.

The latest security breaches we had, to me, really show some dangers of 
putting materials under NDA in people's home directories.  One thing I'd like 
to do is get away from that.  Ideally, to me, we'd even get them off of 
minotaur entirely.   Mino is definitely the least secure machine we have at 
Apache and keeping anything there that needs to be held behind a veil of 
privacy is, IMO, a bad idea and just asking for trouble.  

Now that we have LDAP in place and all the machines have been updated to 
FreeBSD 8 which supports virtually unlimited groups, I would suggest that we 
use that as a starting point.   Figure out who needs TCKs and get appropriate 
LDAP groups.    We have some starts of that with jcp-jaxws-nda, jcp-jaxrs-nda, 
etc...  I'm not sure if that needs to be expanded.   Needs to be investigated.  
Processing a new NDA would involve adding them to the appropriate LDAP 
group/groups.  In any case, create a single area someplace readable by the 
group where the materials are placed.  (more in a sec)   They are never placed 
in home dirs.   

We could start off with a specific area on mino with subdirs per group. I'd be 
"ok" with that as a starting point as that gets them out of the home dirs so 
someone would really need to look harder to find them.   However, ideally, 
we'd get a private svn repo for the materials to be kept and the materials 
would NEVER be placed on minotaur.  Yes, the materials are gigantic and SVN 
isn't the "best option" for gigantic tar balls,  but I think it would give us 
better control and security.  

In any case, when new materials are downloaded, they'd get stuck in the 
appropriate place (svn or on mino) and a simple, "new materials avail" note 
sent out.  Everyone in the appropriate group that was waiting for it can get 
it when they are ready.   Doesn't need to be copied to 6 different home dirs, 
etc...   Thus, it creates less work for the new suckers/volunteers.  :-)

Thoughts?   Other ideas?   I'd be happy to try and start working with 
infrastructure to get this set up if we think it's a good idea.

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog
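
One way to check the layout proposed in the message (a shared area with one subdirectory per LDAP group, nothing in it readable outside that group), as an added example that is not part of the original message. The function name, the numeric-gid mapping and the archive file name are assumptions; only the group name jcp-jaxws-nda comes from the message.

```python
import os
import stat
import tempfile


def audit_nda_area(root, expected_gid):
    """Audit a materials tree that has one subdirectory per NDA group.

    expected_gid maps subdirectory name -> numeric gid of the group allowed
    to read it. Returns a list of (path, problem) tuples; empty means clean.
    """
    findings = []
    for name in sorted(os.listdir(root)):
        top = os.path.join(root, name)
        if name not in expected_gid:
            findings.append((top, "no group mapping"))
            continue
        paths = [top]
        # os.walk does not follow symlinks, so the audit stays inside the tree.
        for dirpath, dirnames, filenames in os.walk(top):
            paths += [os.path.join(dirpath, n) for n in sorted(dirnames + filenames)]
        for path in paths:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink"))
                continue
            if st.st_gid != expected_gid[name]:
                findings.append((path, "wrong group"))
            if st.st_mode & stat.S_IRWXO:
                findings.append((path, "accessible to others"))
    return findings


if __name__ == "__main__":
    # Constructed demo tree; the archive name is a placeholder.
    root = tempfile.mkdtemp()
    sub = os.path.join(root, "jcp-jaxws-nda")
    os.mkdir(sub)
    os.chmod(sub, 0o750)
    leaked = os.path.join(sub, "tck-placeholder.zip")
    open(leaked, "w").close()
    os.chmod(leaked, 0o644)  # world-readable: should be reported
    gid = os.stat(sub).st_gid
    for path, problem in audit_nda_area(root, {"jcp-jaxws-nda": gid}):
        print(problem, path)
```

Run periodically against the shared area, an empty result means every entry is owned by its group and carries no permission bits for other users.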
