www-jcp-open mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: Distributing TCK materials ideas....
Date Thu, 22 Apr 2010 01:56:06 GMT
On Wednesday 21 April 2010 5:42:14 pm David Jencks wrote:
> There's already the geronimo private tck svn.  Is there a good reason to
> set up another one rather than just giving everyone who signed a NDA
> access to it?

Well, the geronimo-tck thing is just a subdirectory of  the tck private repo:
https://svn.apache.org/repos/tck/
and there are other subdirs there as well.

My thought was to add another subdir to there which would be the base for it.  
Should it just be named "tcks" or "materials" or "download" or ....?

In anycase, that dir would be setup for writable by Gier, Mark, and myself and 
subdirs in there setup for readonly for those with the appropriate NDA 
submitted.   

> BTW IIRC in j2ee 1.4 days we tried putting the tck in svn and ran into
> serious problems, like you couldn't check it out 'cause it was too big. 
> Maybe we should check that it might work on the g. tck svn before
> involving infra?  Or is some additional configuration required to allow
> large files?  Or do we know svn has advanced in the last few years?

doing some searches through the svn dev/users lists shows people that were 
successul with 700MB files and 500MB+ files and such just last year.   They 
"claim" noo inherent limit other than possible filesystem limits (like on a 
fat drive, limit to 2 or 4GB).


Dan


> thanks
> david jencks
> 
> On Apr 20, 2010, at 6:13 PM, Daniel Kulp wrote:
> > In the current process, obtaining a new TCK artifact generally involves:
> > 
> > 1) Request it from Geir
> > 2) He downloads it from Sun and sticks it in your home directory
> > 3) He sends you an email saying it's there (or worse: sends a note to
> > jcp-open saying its there so the world sees)
> > 4) You download it.
> > 
> > The latest security breaches we had, to me, really shows some dangers of
> > putting materials under NDA in peoples home directories.  One thing I'd
> > like to do is get away from that.  Ideally, to me, we'd even get them
> > off of minotaur entirely.   Mino is definitely the least secure machine
> > we have at Apache and keeping anything there that needs to be held
> > behind a veil of privacy is, IMO, a bad idea and just asking for
> > trouble.
> > 
> > Now that we have LDAP in place and all the machines have been updated to
> > FreeBSD 8 which supports virtually unlimitted groups, I would suggest
> > that we use that as a starting point.   Figure out who needs TCK's and
> > get appropriate LDAP groups.    We have some starts of that with
> > jcp-jaxws-nda, jcp-jaxrs-nda, etc...  I'm not sure if that needs to be
> > expanded.   Needs to be investigated. Processing a new NDA would involve
> > adding them to the appropriate LDAP group/groups.  In anycase, create a
> > single area someplace readable by the group where the materials are
> > placed.  (more in a sec)   They are never placed in home dirs.
> > 
> > We could start off with a specific area on mino with subdirs per group.
> > I'd be "ok" with that as a starting point as that gets them out of the
> > home dirs so someone would really need to look harder to find them.  
> > However, ideally, we'd get a private svn repo for the materials to be
> > kept and the materials would NEVER be placed on minotaur.  Yes, the
> > materials are gigantic and SVN isn't the "best option" for gigantic tar
> > balls,  but I think it would give us better control and security.
> > 
> > In any case, when new materials are downloaded, they'd get stuck in the
> > appropriate place (svn or on mino) and a simple, "new materials avail"
> > note sent out.  Everyone in the appropriate group that was waiting for
> > it can get it when they are ready.   Doesn't need to be copied to 6
> > different home dirs, etc...   Thus, it creates less work for the new
> > suckers/volunteers.  :-)
> > 
> > Thoughts?   Other ideas?   I'd be happy to try and start working with
> > infrastructure to get this setup if we think it's a good idea.

-- 
Daniel Kulp
dkulp@apache.org
http://dankulp.com/blog

Mime
View raw message