Re: RFC: Securing maintainer uploads to master.gnome.org

From: David Woodhouse <dwmw2 infradead org>
To: Olav Vitters <olav vitters nl>
Cc: desktop-devel-list gnome org
Subject: Re: RFC: Securing maintainer uploads to master.gnome.org
Date: Thu, 10 Nov 2011 12:21:04 +0000

On Thu, 2011-11-10 at 12:47 +0100, Olav Vitters wrote:
> Loads of people currently have access to master.gnome.org as to upload
> tarballs. This is currently done by handing out shell access to these
> people.
> 
> If any of the 350+ has their machine compromised, someone could easily
> use that to reach shell on master.gnome.org. I don't want that to be
> possible.

One of the things I set up for kernel.org (although I don't think it's
deployed for normal users {yet,}) is two-factor authentication. So you
are required to use an SSH key *and* a one-time password (using Google
Authenticator) in order to log in.

-- 
dwmw2

References:
- RFC: Securing maintainer uploads to master.gnome.org
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]