[Ffmpeg-devel] Re: [MPlayer-dev-eng] mphq2 - admins wanted

Rich Felker dalias
Mon Sep 5 18:46:31 CEST 2005


On Mon, Sep 05, 2005 at 12:20:39PM +0200, Michael Niedermayer wrote:
> Hi
> 
> On Mon, Sep 05, 2005 at 05:19:02AM -0400, Rich Felker wrote:
> > On Mon, Sep 05, 2005 at 09:23:16AM +0200, Attila Kinali wrote:
> [...]
> 
> > 
> > > Anyways, any concidered solution has to fullfill 3 criteria:
> > > * Secure enough so any break in is unlikely
> > 
> > IMO this is not sufficient. The minimal condition is: secure enough
> > that compromise of a non-root account cannot result in changes to cvs
> > repository or content served by the webserver without such changes
> > being immediately visible to the entire devel team,
> 
> iam curious how you want to achive this?
> cvs -o, and the fact that the rcs files must be writeable by cvs which
> runs with the permissions of the user might make this tricky

It was discussed on irc. The idea is to have the actual cvs repository
in a secondary virtualized machine, with no user accounts. User cvs
commands sent to the 'user host' would redirect via pserver or ssh to
this virtualized machine, with just one actual account restricted to
running the trusted cvs binary and nothing else (there would be no
other accessible binaries on that host and no writable+executable
filesystem).

Rich





More information about the ffmpeg-devel mailing list