Mailinglist Archive: opensuse-buildservice (251 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS 2.1 Beta 1 released
  • From: Martin Mohring <martinmohring@xxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 23 Sep 2010 18:28:35 +0200
  • Message-id: <4C9B8033.5000604@xxxxxxxxxxxxxxxxxxx>
Hi,

for those of you that want to use also the new flags currently
deactivated and do not feel uncomfortable in exporing a new security
system, I have added a security warnings section into the ACL Document:

http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL#List_of_Security_Warnings_for_OBS_2.1

Martin

Martin Mohring wrote:
Hi,

Adrian: fully correct.

And last but not least I will write down a list of cautions should you
still want to use the other flags also, because they are useful for you.

They do not make the system more unsecure compared to using only
"sourceaccess".

Martin

Adrian Schröter wrote:

Am Mittwoch, 22. September 2010, 17:47:21 schrieb Martin Mohring:


Hi,

I would like to emphasize that the Access Control System implemented now
is more than just another flag. It the most intrusive API change of OBS
since a long time.

Those willing to try out, we had documented the system here:
http://en.opensuse.org/openSUSE:Build_Service_Concept_ACL

All the documented flags and permissions are implemented.


Just to clarify, only "sourceaccess" is usable with 2.1.

The others of this concept ("access" and "privacy") can't be used since
the protection of them is not complete. However you could allow the usage
on your local instace by modifing the schema files of project and package
meta data (look for the commented out parts).

"binarydownload" is also still there, but not considered as security
mechanism so far. Just as bandwidth protection, since you can still "steal"
binaries protected via this flag in various ways.






--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >