[Savannah-hackers] Re: Project submissions at Savannah

[Sylvain Beucler]

Hi,

On 2004.04.20 08:39, Elfyn McBratney wrote:
> Yep, that might be because I don't seem to be getting all
> savannah-hackers
> list mail, though that's probably my ISP.

I could also be your spam filter. Since we receive daily spam at  
savannah-hackers, maybe the filter makes mistakes...

> > About the file upload interface, you should try to get the
> > discussions on it in the archive, as well as read the news comments  
> > in: https://savannah.gnu.org/forum/forum.php?forum_id=2838
>
> I spent about an hour going through the archives yesterday trying to
> gather all the relevant posts, but gave up because mail.gnu.org was  
> taking ages to respond to single requests.
>
> I might just download the mbox archives on
> ftp-mailing-list-archives.gnu.org
> and go from there..

I'll try to sum up.
The previous system was working using sftp and rsync over ssh and it  
seems people liked it better.

But we have to change, because we would like every file to be GPG  
signed.
As discussed in the news item 'forum', the new system is not perfect.  
It allows people to upload things you signed, like e-mails. It does not  
allow people to remove files. It does not allow people to manage their  
files (move, rename, etc). It is cumbersome because of the need to sign  
every single file.

A temporary solution is to create a web interface integrated in Savane  
to manage people's files.
To get the right to manage the files (Unix side), the ftp-daemon could  
create the files with www-data group, or else vsftpd and httpd could  
share a Unix group.
The uploading system would stay the same.
The interface should IMHO first propose a very secure 'mv', and then we  
could build a more user-friendly interface on top of it (file explorer,  
etc). The main concern is that people should not access other people's  
files, while the system can do it.
Another solution would have been to use CGI+suEXEC, but it would be  
very tedious to set up.
A feature this module could provide would be file uploading: this would  
permit to check the signature on the fly and provide accurate error  
reporting, while providing basic authentication through Savane.

The goal in the long run would be to offer again a convenient way to  
upload files. In particular, some people upload a lots of files, a  
whole directory structure, to their upload area, and wish to continue  
to do so.
The issues are:
- simplicity
- integrity
- efficiency

Simplicity because people do not like to sign their files. I am  
currently trying to see whether gpg-agent is usable, which would quite  
solve the issue. Currently gpg-agent is only available through the  
latest CVS. We could contribute to GnuPG and provide an RPM for our  
users. We could also provide a script, like Patrick's, to automatize  
the task. The file management interface would still be usefull here for  
people not familiar with rsync or sftp.
Integrity because we have to check that each file is signed.
Efficiency because we have to find a quick way to check all files: if  
we provide again a rsync access, then we'll have to check all files on  
all projects on a regular basis, like each day; files that are not  
correctly signed would be deleted. We cannot even base our check on the  
dates, since rsync provide a way to keep the source files timestamp.
I also have to check whether old files with expired signatures are  
considered signed or not.


> > I think I have a fair understanding of this feature, so we should
> > have a talk before you start working on this. Also do not forget we
> > have 2 volunteers who can work on this.
>
> Sure.  Right now, I've just been making notes, playing with little
> bits of code, etc..  I'll send a mail later on today to savannah- 
> hackers with the ideas I've got so far and maybe we can start the  
> ball rolling from there? :)

Fine indeed. I just posted my ideas as well :)


> > No.  I think that is a temporary task that is more complicated than
> > most of the permanent tasks we have to do.
>
> Hrmm.. then what is the point of savannah-newprojects?

I guess we can extract all pending projects submittors, then mass  
subscribe, and then send them a message with archive facility.


> > I disagree with some points in Bradley's mail, mainly when he says
> > that there were security flaws in Savane.
>
> Well, there was the $feedback flaw, but that was discovered after the
> decision to move to GForge was made (AFAIK).  Unless they know of  
> flaws in Savane that we don't..

That's also my point. The message was posted before Lorenzo did his  
audit.


> > Last, the english word for your 'Lastly' is 'Last' :)
>
> Hrmm.. *picks up dictionary*
>
>   lastly adv. finally; in the last place.
>
> :-P

That's the last time I am foolish enough to make english advices.  
Incidentally I learnt a new word :)

--
Sylvain