www-jcp-open mailing list archives

From Geir Magnusson Jr <g...@pobox.com>
Subject Re: Distributing TCK materials ideas....
Date Wed, 21 Apr 2010 21:47:51 GMT
Could we leverage s3 in a secure way?

Sent from my iPad

On Apr 21, 2010, at 5:42 PM, David Jencks <david_jencks@yahoo.com> wrote:

> There's already the geronimo private tck svn.  Is there a good reason to set up another
> one rather than just giving everyone who signed an NDA access to it?
> BTW IIRC in j2ee 1.4 days we tried putting the tck in svn and ran into serious problems,
> like you couldn't check it out 'cause it was too big.  Maybe we should check that it might
> work on the g. tck svn before involving infra?  Or is some additional configuration required
> to allow large files?  Or do we know svn has advanced in the last few years?
> thanks
> david jencks
> On Apr 20, 2010, at 6:13 PM, Daniel Kulp wrote:
>> In the current process, obtaining a new TCK artifact generally involves:
>> 1) Request it from Geir
>> 2) He downloads it from Sun and sticks it in your home directory
>> 3) He sends you an email saying it's there (or worse: sends a note to jcp-open 
>> saying it's there so the world sees)
>> 4) You download it.
>> The latest security breaches we had, to me, really show some dangers of 
>> putting materials under NDA in people's home directories.  One thing I'd like 
>> to do is get away from that.  Ideally, to me, we'd even get them off of 
>> minotaur entirely.   Mino is definitely the least secure machine we have at 
>> Apache and keeping anything there that needs to be held behind a veil of 
>> privacy is, IMO, a bad idea and just asking for trouble.  
>> Now that we have LDAP in place and all the machines have been updated to 
>> FreeBSD 8 which supports virtually unlimited groups, I would suggest that we 
>> use that as a starting point.   Figure out who needs TCKs and get appropriate 
>> LDAP groups.    We have some starts of that with jcp-jaxws-nda, jcp-jaxrs-nda, 
>> etc...  I'm not sure if that needs to be expanded.   Needs to be investigated.  
>> Processing a new NDA would involve adding them to the appropriate LDAP 
>> group/groups.  In any case, create a single area someplace readable by the 
>> group where the materials are placed.  (more in a sec)   They are never placed 
>> in home dirs.   
>> We could start off with a specific area on mino with subdirs per group. I'd be 
>> "ok" with that as a starting point as that gets them out of the home dirs so 
>> someone would really need to look harder to find them.   However, ideally, 
>> we'd get a private svn repo for the materials to be kept and the materials 
>> would NEVER be placed on minotaur.  Yes, the materials are gigantic and SVN 
>> isn't the "best option" for gigantic tar balls,  but I think it would give us 
>> better control and security.  
>> In any case, when new materials are downloaded, they'd get stuck in the 
>> appropriate place (svn or on mino) and a simple, "new materials avail" note 
>> sent out.  Everyone in the appropriate group that was waiting for it can get 
>> it when they are ready.   Doesn't need to be copied to 6 different home dirs, 
>> etc...   Thus, it creates less work for the new suckers/volunteers.  :-)
>> Thoughts?   Other ideas?   I'd be happy to try and start working with 
>> infrastructure to get this setup if we think it's a good idea.
>> -- 
>> Daniel Kulp
>> dkulp@apache.org
>> http://dankulp.com/blog
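The layout Daniel Kulp sketches above (one drop directory per NDA LDAP group, readable by that group only, and no TCK archives left in home directories) can be audited with a script like the following. This is an added example, not code from this thread or from Apache infrastructure; the group names, paths and file-name patterns are assumptions.

```sh
#!/bin/sh
# Added example, not Apache infra tooling. Audits the proposed TCK drop layout:
# one directory per NDA group (assumed names: jcp-jaxws-nda, jcp-jaxrs-nda) with
# no "other" permission bits, and no TCK-looking archives readable in home dirs.

# Succeed only if the path itself has none of the "other" r/w/x bits set.
no_world_access() {
  [ -e "$1" ] || return 1
  leaks=$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
  [ -z "$leaks" ]
}

# Print archives under the home tree that look like TCK material and are
# readable by other users (the situation the proposal wants to eliminate).
find_home_leaks() {
  find "$1" -type f \( -name '*tck*.tar.gz' -o -name '*tck*.zip' -o -name '*tck*.jar' \) \
    -perm -004 -print
}

# Check every group directory under the drop root; non-zero if any is exposed.
audit_drop_root() {
  rc=0
  for d in "$1"/*/; do
    d=${d%/}
    [ -d "$d" ] || continue
    if ! no_world_access "$d"; then
      echo "WORLD-ACCESSIBLE: $d"
      rc=1
    fi
  done
  return $rc
}

# --- constructed fixture standing in for /tck and /home; nothing here is real ---
demo_root=$(mktemp -d)
mkdir -p "$demo_root/tck/jcp-jaxws-nda" "$demo_root/tck/jcp-jaxrs-nda" "$demo_root/home/alice"
chmod 2750 "$demo_root/tck/jcp-jaxws-nda"   # correct: group-readable, setgid, no "other" bits
chmod 2755 "$demo_root/tck/jcp-jaxrs-nda"   # misconfigured: world-readable
: > "$demo_root/home/alice/jaxws-tck-2.1.tar.gz"
chmod 644 "$demo_root/home/alice/jaxws-tck-2.1.tar.gz"   # the home-dir copy the proposal removes

audit_drop_root "$demo_root/tck" || echo "drop area audit found exposed directories"
find_home_leaks "$demo_root/home"
```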
