Author Message
cross
Off-Topic SBAI   Sep 23 04:00 UTC 2006

This is the staff and board alert item.  Post pointers to items in other
conferences that require staff or board attention here.
30 responses total.
cross
response 1 of 30: Sep 23 04:02 UTC 2006

There is an ongoing discussion about modifying how grex stores passwords to
bring grex in line with the operating system's standard conventions in
garage.  I have written all the necessary software to do this, but a
misunderstanding between staff members (and myself for misunderstanding that
there was a misunderstanding - I had assumed there wasn't) has highlighted
to me that important staff members do not regularly read the garage
conference.

The relevant item is #27 in garage (garage:27).
cross
response 2 of 30: Sep 23 06:26 UTC 2006

(btw- it would be nice if someone would link this item into the staff
conference.)
spooked
response 3 of 30: Sep 23 08:19 UTC 2006

I can't even get into the staff conference, as STeve has taken over and 
revoked my privileges.  Why don't we just give STeve SUPER-super user 
privileges?  I thought I had seen it all, in terms of egos, in my 
professional life... now, I am starting to wonder.
steve
response 4 of 30: Sep 23 09:32 UTC 2006

   My ego is hardly at stake here.

   You completely ignored the protocols Grex has had for more than
a decade, that deal with root access.  YOU GAVE SOMEONE ROOT ACCESS
WITHOUT TELLING PEOPLE.  That's bad.  That cross was once a staff 
person does not matter in the slightest: the fact remains, quite
simply, that you used horrid judgement here.  The second problem
with this debacle is changing a major part of the system without
talking in staff, or email to make the changes known such that 
all staff could talk about them!

   It's not my ego we're dealing with.  It is that of a stunningly
bad move on your part.
steve
response 5 of 30: Sep 23 09:38 UTC 2006

   The ulist has spooked in it again.  I thought I'd fixed that 
before I left for home but hadn't.
spooked
response 6 of 30: Sep 23 09:40 UTC 2006

Well, you seem to have a timely opinion about everything...  and I did not 
see your (or anyone else's) objection to the said proposal in the garage 
conference.

Changing the password subsystem is hardly rocket science, and the testing 
has been professional.  I trust Dan's technical competency at least, if not 
more, than yours.  And, his judgement MORE than yours.  

Needless to say this is moving the password subsystem to a more standard 
position, something we never should have departed from.

If you want to hang me, go ahead.  However, you will be losing yet another 
good staff member because of your attitude.  If every decision I (backed 
by the community) makes has to first be OKed by you, I really do not want 
to be on staff.

steve
response 7 of 30: Sep 23 09:47 UTC 2006

   You can't expect to make a change like this without TRAWLING for
responses from other staff people, Mic!

   Guess what?  *IF* I were completely against this, and I don't 
really know either way, but the majority of staff said that it was
a good thing, guess what?  I'd go along with it.  When we upgraded
OpenBSD last, I used a version of -current, which I'd used at work
and knew was completely functional and worked excellently.  But
John and Jan were nervous about using -current, and Jan came by
and installed the stock 3.8.  I wasn't happy about that, but I
was in the minority, and so I went along with it.  Probably I
should have talked more about using -current than I did, too.

   So let's be really clear here: it was the method of doing
this that is even more important than the ultimate action itself
would be.
cross
response 8 of 30: Sep 23 12:01 UTC 2006

Hey guys, this is the Staff and Board Alert item.  I'm unhappy about this
whole thing myself, but can we can it to another item that's more appropriate
to the discussion?
remmers
response 9 of 30: Sep 23 13:35 UTC 2006

Here's the relevant policy, adopted by the Board:

Staff Membership - November 16, 1994
------------------------------------
Staff with permanent root access may at its discretion grant specific 
resources to qualified individuals for the purpose of performing work 
that is beneficial to Grex. Examples of such resources would be write 
access to selected directories in order to modify data files or to 
install software. In the event of an emergency, temporary root 
access may be granted by any permanent root.
Permanent root access, access to the staff conference, and access to the 
"baff" mailing list shall be with the advice and consent of the Board.
-----------------------------------------------------------------------
See http://cyberspace.org/local/grex/policy.html for this and other
policies adopted by the Board.

This policy allows temporary root access to non-staff in an emergency, 
which this was not.  It requires board approval for access to the staff 
conference, which was not obtained.
cross
response 10 of 30: Sep 23 14:00 UTC 2006

Regarding #9; Okay, just for the record, the staff conference thing was my
fault; don't blame Mic for it.  I made an assumption there that turned out
to be a poor one.  If you're going to blame someone for that specific part
of it, blame me.

Now, could I respectfully request that, if this discussion is going to go on,
it be taken to a separate item?  The purpose of *this* item is to hopefully
prevent things like this from happening in the future, not to discuss last
night.
other
response 11 of 30: Sep 23 17:50 UTC 2006

Under the circumstances involved, I would be very pleased if we could treat this incident as a series of ultimately harmless mistakes that are useful for understanding what harm might have happened and why the policies that are in place exist.

That being said, let us leave recriminations aside and discuss to the extent necessary the changes cross was making, and if approved, allowing him to go ahead and implement them. I do not feel that either he or mic represent a security threat to the system, and especially now that this has happened, they will probably both be more inclined to be aware of and observe the proper protocols. Let's not waste that learning by refusing either of them the opportunity to exercise it simply for having made mistakes with no discernable harmful impact.

cross
response 12 of 30: Sep 23 17:53 UTC 2006

Thank you, Eric.  I appreciate your post.
spooked
response 13 of 30: Sep 23 18:05 UTC 2006

Yeps.

Firstly, I don't need cross to do my dirty work.  If I was a security 
risk and wanted to hurt Grex, I would have imparted damage directly 
(myself) on the system long before this.

Secondly, I feel I was absolutely within my rights of the role I was 
serving in - as stipulated by the bylaw (which I was well awares of) - to 
do what I did.  

The only area which I could have improved the process, and it is 
debatable, is to discuss the matter explicitly beforehand in the staff 
conference -- but, once again, I suspect that if staff is not reading the 
garage conference they are probably not reading the staff conference 
either!  (and, I don't deal in email, as it's a joke).
cross
response 14 of 30: Sep 23 18:44 UTC 2006

Please note: I have created a new item, #363, in this conference for
discussion of the events of last night.  I respectfully request that
discussion of those events move to that item.  I'd really like this one to
stay focused so that it can be a resource for staff and the board.
cross
response 15 of 30: Sep 23 18:46 UTC 2006

(Oh: both this item and that 363 are also linked into the agorage conference.)
remmers
response 16 of 30: Sep 23 21:48 UTC 2006

Re #14: Given that this item went off on its current tangent almost 
immediately with only one "alert" posted, wouldn't it be better to simply 
enter a new "Staff and Board alert item", if you think one is needed?
cross
response 17 of 30: Sep 23 21:57 UTC 2006

Yeah, probably.  Then what to do about this one?  I wonder if it's possible
to rename it or something.
gelinas
response 18 of 30: Sep 24 04:39 UTC 2006

(A person with root access can do anything they like.  Really.  When I finish
reading the new items in this conference, I'll invite comments on renaming
items.  I've not yet decided *where* I'll make the invitation, though.)

Mic, my time for reading conferences is *really* limited right now.  Staff is
just below Coop in my list of priorities.  Garage is below agora.  So there
is a counter-example to your suspicion in #13 above.
cross
response 19 of 30: Sep 24 04:54 UTC 2006

Regarding #18; Great!  Then could you please make it so that my student loans
are paid off?  :-)
remmers
response 20 of 30: Sep 24 14:06 UTC 2006

Re #17:  Backtalk (and probably Fronttalk) allows item authors to rename 
items.
cross
response 21 of 30: Sep 24 16:37 UTC 2006

Okay.
cross
response 22 of 30: Sep 24 17:00 UTC 2006

(I have retitled this item.)
gelinas
response 23 of 30: Sep 25 02:56 UTC 2006

(How many hardware engineers does it take to change a light-bulb, Dan? ;)
cross
response 24 of 30: Sep 25 13:46 UTC 2006

I don't know, Joe, but I like this one:

How many DEC field service engineers does it take to change a tire?  5.  One
to hold the tire while the other four hold up the car.