FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 08-27-2008, 03:10 PM
Vincent Danjean
 
Default people.debian.org to move to ravel

Hi,

Peter Palfrader wrote:
> Once you are satisfied with the content on newpeople you can instruct
> apache on oldpeople to redirect requests to the new place. On gluck
> do the following:
> echo "RewriteEngine on" > ~/.public_html/.htaccess
> echo 'RewriteRule ^(.*) http://newpeople.debian.org/~'$USER'/$1 [R,L]' >> ~/.public_html/.htaccess

[note: there is an incorrect '.' before 'public_html']

I use people to publish not completely ready/wip/... packages in an apt
repo (see my signature bellow).
apt does not follow 301 errors generated by theses rules.

I'm not a apache guru, so do you know another solution ? I tried with '[P]'
instead of '[R,L]' but I got a 401 error (mod_proxy should be configured
for that to work ?)

For now, I removed the .htaccess and I will wait for the DNS move of
people.debian.org (so not removing my files on gluck for now)

Regards,
Vincent

--
Vincent Danjean GPG key ID 0x9D025E87 vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A 8A94 0BF7 7867 9D02 5E87
Unofficial packages: http://www-id.imag.fr/~danjean/deb.html#package
APT repo: deb http://perso.debian.org/~vdanjean/debian unstable main


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 06:15 AM
Mike Hommey
 
Default people.debian.org to move to ravel

On Wed, Aug 27, 2008 at 02:00:31PM +0200, Peter Palfrader wrote:
> Once you are satisfied with the content on newpeople you can instruct
> apache on oldpeople to redirect requests to the new place. On gluck
> do the following:
> echo "RewriteEngine on" > ~/.public_html/.htaccess
> echo 'RewriteRule ^(.*) http://newpeople.debian.org/~'$USER'/$1 [R,L]' >> ~/.public_html/.htaccess

Or simpler and not requiring mod_rewrite:
echo "Redirect /~$USER/ http://newpeople.debian.org/~$USER/" > ~/public_html/.htaccess

Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 07:05 AM
"Paul Wise"
 
Default people.debian.org to move to ravel

On Thu, Aug 28, 2008 at 2:15 PM, Mike Hommey <mh@glandium.org> wrote:

> Or simpler and not requiring mod_rewrite:
> echo "Redirect /~$USER/ http://newpeople.debian.org/~$USER/" > ~/public_html/.htaccess

Best to use RedirectTemp instead of Redirect, since the latter seems
to produce "301 Moved permanently" on gluck.

--
bye,
pabs

http://wiki.debian.org/PaulWise


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 07:12 AM
Steve Langasek
 
Default people.debian.org to move to ravel

On Wed, Aug 27, 2008 at 02:00:31PM +0200, Peter Palfrader wrote:

> Once the move has been completed we expect to make gluck restricted to
> the people operating the services that will remain on gluck, so please
> clean out your homedir when you no longer need it there.

One of the services running on gluck is lintian.debian.org, which until now
has been available for all developers to use in doing archive-wide scans.
Is this service no longer going to be available to developers at large?

> Ravel is a freshly installed system so there probably are a few packages
> missing that you might need. Please contact DSA at the debian-admin
> mailinglist with requests. Also, ssh logins are restricted to key based
> logins, password based logins are not allowed. Submit your keys to ldap
> as documented on http://db.debian.org/.

What's the reason for this authentication policy, which differs from (AFAIK)
all developer-public debian.org hosts to date? Is this a sign of a broader
policy change coming down the line?

I generally avoid using password authentication to Debian hosts, *except* in
the particular case of scp'ing files from one Debian host to another because
I don't have a key that I'm willing to do authentication forwarding on to
Debian hosts, nor do I particularly want to use up my home bandwidth copying
files up and down to move them between two remote hosts. I would appreciate
not having this use case impaired by policy changes of unclear origin.

Thanks,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 07:51 AM
Aurelien Jarno
 
Default people.debian.org to move to ravel

On Wed, Aug 27, 2008 at 02:00:31PM +0200, Peter Palfrader wrote:
> Hi,
Hi!

> we shipped one of the machines that HP had so graciously donated a while
> ago to Canada where UBC Electrical and Computer Engineering kindly
> agreed to host it.
>
> This machine, ravel.debian.org, will become the new people.debian.org
> machine, providing general shell services to DDs and the
> http://people.debian.org/~<user>/ webpages.
>

Would it be possible to enable README.txt indexing (like on gluck.d.o)?

Thanks,
Aurelien

--
.'`. Aurelien Jarno | GPG: 1024D/F1BCDB73
: :' : Debian developer | Electrical Engineer
`. `' aurel32@debian.org | aurelien@aurel32.net
`- people.debian.org/~aurel32 | www.aurel32.net


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 09:43 AM
Peter Palfrader
 
Default people.debian.org to move to ravel

On Thu, 28 Aug 2008, Aurelien Jarno wrote:

> On Wed, Aug 27, 2008 at 02:00:31PM +0200, Peter Palfrader wrote:
> > Hi,
> Hi!
>
> > we shipped one of the machines that HP had so graciously donated a while
> > ago to Canada where UBC Electrical and Computer Engineering kindly
> > agreed to host it.
> >
> > This machine, ravel.debian.org, will become the new people.debian.org
> > machine, providing general shell services to DDs and the
> > http://people.debian.org/~<user>/ webpages.
> >
>
> Would it be possible to enable README.txt indexing (like on gluck.d.o)?

Changed from README.html to README.txt to match gluck's setup.

--
| .'`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 10:36 AM
Wouter Verhelst
 
Default people.debian.org to move to ravel

On Wed, Aug 27, 2008 at 02:00:31PM +0200, Peter Palfrader wrote:
> Once the move has been completed we expect to make gluck restricted to
> the people operating the services that will remain on gluck, so please
> clean out your homedir when you no longer need it there.

So what's going to happen with lintian.debian.org, and will the lintian
lab still be available to people who're not maintaining it? The lintian
lab contains all packages in an extracted form, which can be useful for
running statistics, or for having a look at random information -- for
instance, I've been trying to do a survey of the README.source
acceptance, so as to see whether the wording in policy is good enough as
is or whether it might need some polishing for clarity, through use of
the lintian lab.

It'd suck majorly if J. Random Developer would have to jump through
hoops in order to be able to access the lintian lab.

--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 05:28 PM
Mike Hommey
 
Default people.debian.org to move to ravel

On Thu, Aug 28, 2008 at 03:05:13PM +0800, Paul Wise wrote:
> On Thu, Aug 28, 2008 at 2:15 PM, Mike Hommey <mh@glandium.org> wrote:
>
> > Or simpler and not requiring mod_rewrite:
> > echo "Redirect /~$USER/ http://newpeople.debian.org/~$USER/" > ~/public_html/.htaccess
>
> Best to use RedirectTemp instead of Redirect, since the latter seems
> to produce "301 Moved permanently" on gluck.

Well, it works for me:
# lynx -dump -head http://people.debian.org/~glandium/bts/ | head -1
HTTP/1.1 302 Found

Mike


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-28-2008, 07:31 PM
Peter Palfrader
 
Default people.debian.org to move to ravel

On Thu, 28 Aug 2008, Steve Langasek wrote:

> One of the services running on gluck is lintian.debian.org, which until now
> has been available for all developers to use in doing archive-wide scans.
> Is this service no longer going to be available to developers at large?

Unknown. We have not talked to the lintian folks yet on what we are
going to do with lintian.d.o, if in fact we do anything at all.

The first step is to get people.d.o out from the HP network because they
really don't want us shipping software from their place.

> > Ravel is a freshly installed system so there probably are a few packages
> > missing that you might need. Please contact DSA at the debian-admin
> > mailinglist with requests. Also, ssh logins are restricted to key based
> > logins, password based logins are not allowed. Submit your keys to ldap
> > as documented on http://db.debian.org/.
>
> What's the reason for this authentication policy, which differs from (AFAIK)
> all developer-public debian.org hosts to date? Is this a sign of a broader
> policy change coming down the line?

It is. Limiting an attacker's ability to easily jump from one
compromised box to another is something we really want to have. Not
tomorrow, but eventually.

> I generally avoid using password authentication to Debian hosts, *except* in
> the particular case of scp'ing files from one Debian host to another because
> I don't have a key that I'm willing to do authentication forwarding on to
> Debian hosts, nor do I particularly want to use up my home bandwidth copying
> files up and down to move them between two remote hosts. I would appreciate
> not having this use case impaired by policy changes of unclear origin.

I think it's pretty obvious why this policy change is something that
should have been done long ago. That being said we are evaluating means
that will allow simple file transfers.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 08-29-2008, 01:51 AM
Steve Langasek
 
Default people.debian.org to move to ravel

On Thu, Aug 28, 2008 at 09:31:41PM +0200, Peter Palfrader wrote:
> On Thu, 28 Aug 2008, Steve Langasek wrote:

> > One of the services running on gluck is lintian.debian.org, which until now
> > has been available for all developers to use in doing archive-wide scans.
> > Is this service no longer going to be available to developers at large?

> Unknown. We have not talked to the lintian folks yet on what we are
> going to do with lintian.d.o, if in fact we do anything at all.

> The first step is to get people.d.o out from the HP network because they
> really don't want us shipping software from their place.

Right, I'm aware of that constraint. Might it be possible to satisfy this
requirement while still allowing developer access to the machine, though,
and just disabling UserDir support? That would leave the lintian lab
available while eliminating the software distribution...

> > I generally avoid using password authentication to Debian hosts, *except* in
> > the particular case of scp'ing files from one Debian host to another because
> > I don't have a key that I'm willing to do authentication forwarding on to
> > Debian hosts, nor do I particularly want to use up my home bandwidth copying
> > files up and down to move them between two remote hosts. I would appreciate
> > not having this use case impaired by policy changes of unclear origin.

> I think it's pretty obvious why this policy change is something that
> should have been done long ago. That being said we are evaluating means
> that will allow simple file transfers.

Well, as noted it's not an unqualified win for security, so it's helpful to
have the reasoning made explicit. It does protect users from having their
passwords sniffed on login in the event of a compromise, but it doesn't
prevent their ssh authentication forwarding (if any) from being used to
compromise other hosts in the same way that password sniffing could.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slangasek@ubuntu.com vorlon@debian.org


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 03:21 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org