[csw-maintainers] ideas

Ben Walton bwalton at opencsw.org
Sun Jul 10 14:34:12 CEST 2011


Excerpts from Maciej Bliziński's message of Sat Jul 09 22:18:55 -0400 2011:

> Detecting should be easy: a cron job tries to sign and verify a
> random string. If it fails, it sends an alert.

But we shouldn't allow signing random data.  The set of allowed inputs
via the URL should specify the path (either the containing directory
or fully qualified to the catalog file) using a $mirror_base setup to
limit abuses.

This means that the daemon itself must do the test prior to returning
signed data.  I was thinking of querying the agent to see what keys
are unlocked.

> How and to whom send the alert - any ideas?

Email alerts and a useful error code via the restful interface.  I
think the mail alerts should go to Ihsan and $someone_else for
redundancy.  The daemon will be running on a zone in the www area, so
Ihsan is the logical choice here, imo.  (I'm working on the assumption
that this is ok with Ihsan.  If not, we need to come up with something
else.)

Thanks
-Ben


--
Ben Walton
Systems Programmer - CHASS
University of Toronto
C:416.407.5610 | W:416.978.4302



More information about the maintainers mailing list