> -----Original Message----- > From: Tim Ellison [mailto:t.p.elli...@gmail.com] > Sent: Thursday, 28 January 2010 2:04 AM > To: builds@apache.org > Subject: Re: Hudson access for non-PMC member > > On 27/Jan/2010 11:26, Justin Mason wrote: > > Hi Philip -- > > it's purely because the user accounts on the Hudson machines have > > quite a lot of privileges. > > Anything much more significant than people's privileges via their > people.a.o accounts? > > > Personally I'm open to the idea of making an exception if the AVRO > PMC > > call for it, and assuming none of the other Hudson admins are against > > it. > > Not against it, but if there is a flood of new account requests from > committers I'd like to examine whether we can roll those machines into > the existing infra routines.
What has been talked about in the past, to the Hudson admin team, is restricted access to Hudson Admins ONLY on the main Hudson Master box. This is going to be implemented real soon now and those not in the Hudson Admin Team will have their accounts removed. Regarding the slave machines, Minverva/Vesta , only those PMC members and approved Committers (approved by their PMC if they are not PMC Members) that need shell accounts will get one. All accounts will need to login using an SSH key as password logins will also be disabled. If you have an account on Minerva/Vesta please ensure you have a pub key installed and in use as we will switch to this system soon. Rather than seeing 500+ accounts on these machines I would rather see as few as possible, with those having accounts helping out the maintenance and configurations for all projects and not just their own. I've seen here and elsewhere maintenance become a nightmare for machines with too many accounts, too many people doing configurations for their projects which overwrite or overrule configurations for other projects, folks upgrading stuff which makes tests useless for certain projects because they depended on the older version etc. It may seem a pain for some, not being able to just log in and do as they like, but I would rather they asked instead for things to be done, and those things be done by a few volunteers, such as is the case for the majority of Infra machines. This will make maintaining and upgrading and keeping secure the machines a whole lot easier, and those that volunteer to look after the machines (not just their own project interests) will get to know the machines, where things are, what can and can not be upgraded/replaced etc. Minverva/Vesta are in need of patching as a minimum and dist-upgrade preferable considering the recent cve releases this past couple of weeks. We need people that can perform these Operating System level upgrades and patches, and know what to do if any of that breaks stuff for projects. So, I'm certainly -1 on continuing down this track of giving shell account to anyone who asks for it, it's just not workable and not sensible. I am absolutely +1 on Hudson Admin Team maintaining these boxes and giving out shell accounts to the few PMC members that really need it, and also expanding out the Hudson Admin Team if necessary to add a very few more folks that will maintain all aspects of the machines for the benefit of all projects. Gav... > > Regards, > Tim
