/[gentoo]/xml/htdocs/proj/en/glep/glep-0012.html
Gentoo

Contents of /xml/htdocs/proj/en/glep/glep-0012.html

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1.5 - (hide annotations) (download) (as text)
Sun Oct 14 17:00:15 2007 UTC (7 years ago) by antarus
Branch: MAIN
CVS Tags: HEAD
Changes since 1.4: +4 -251 lines
File MIME type: text/html
the canary on 53 went well, changing the rest

1 g2boojum 1.1 <?xml version="1.0" encoding="utf-8" ?>
2     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3     <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
4 antarus 1.5
5 g2boojum 1.1 <head>
6     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
7 g2boojum 1.3 <meta name="generator" content="Docutils 0.4: http://docutils.sourceforge.net/" />
8 g2boojum 1.1 <title>GLEP 12 -- Gentoo.org Finger Daemon</title>
9 antarus 1.5 <link rel="stylesheet" href="tools/glep.css" type="text/css" />
10 g2boojum 1.1 </head>
11     <body bgcolor="white">
12     <table class="navigation" cellpadding="0" cellspacing="0"
13     width="100%" border="0">
14     <tr><td class="navicon" width="150" height="35">
15     <a href="http://www.gentoo.org/" title="Gentoo Linux Home Page">
16     <img src="http://www.gentoo.org/images/gentoo-new.gif" alt="[Gentoo]"
17     border="0" width="150" height="35" /></a></td>
18     <td class="textlinks" align="left">
19     [<b><a href="http://www.gentoo.org/">Gentoo Linux Home</a></b>]
20 antarus 1.5 [<b><a href="http://www.gentoo.org/proj/en/glep">GLEP Index</a></b>]
21 g2boojum 1.1 [<b><a href="http://www.gentoo.org/proj/en/glep/glep-0012.txt">GLEP Source</a></b>]
22     </td></tr></table>
23 g2boojum 1.3 <table class="rfc2822 docutils field-list" frame="void" rules="none">
24 g2boojum 1.1 <col class="field-name" />
25     <col class="field-body" />
26     <tbody valign="top">
27     <tr class="field"><th class="field-name">GLEP:</th><td class="field-body">12</td>
28     </tr>
29     <tr class="field"><th class="field-name">Title:</th><td class="field-body">Gentoo.org Finger Daemon</td>
30     </tr>
31 g2boojum 1.3 <tr class="field"><th class="field-name">Version:</th><td class="field-body">1.2</td>
32 g2boojum 1.1 </tr>
33 g2boojum 1.3 <tr class="field"><th class="field-name">Last-Modified:</th><td class="field-body"><a class="reference" href="http://www.gentoo.org/cgi-bin/viewcvs.cgi/xml/htdocs/proj/en/glep/glep-0012.txt?cvsroot=gentoo">2004/01/31 21:56:55</a></td>
34 g2boojum 1.1 </tr>
35     <tr class="field"><th class="field-name">Author:</th><td class="field-body">Tavis Ormandy &lt;taviso&#32;&#97;t&#32;gentoo.org&gt;</td>
36     </tr>
37 g2boojum 1.2 <tr class="field"><th class="field-name">Status:</th><td class="field-body">Rejected</td>
38 g2boojum 1.1 </tr>
39     <tr class="field"><th class="field-name">Type:</th><td class="field-body">Standards Track</td>
40     </tr>
41     <tr class="field"><th class="field-name">Created:</th><td class="field-body">10-Aug-2003</td>
42     </tr>
43     <tr class="field"><th class="field-name">Post-History:</th><td class="field-body">11-Aug-2003</td>
44     </tr>
45     </tbody>
46     </table>
47     <hr />
48 g2boojum 1.3 <div class="contents topic">
49     <p class="topic-title first"><a id="contents" name="contents">Contents</a></p>
50 g2boojum 1.1 <ul class="simple">
51 g2boojum 1.2 <li><a class="reference" href="#reason-for-rejection" id="id21" name="id21">Reason for rejection</a></li>
52     <li><a class="reference" href="#abstract" id="id22" name="id22">Abstract</a></li>
53     <li><a class="reference" href="#motivation" id="id23" name="id23">Motivation</a></li>
54     <li><a class="reference" href="#rationale" id="id24" name="id24">Rationale</a></li>
55     <li><a class="reference" href="#implementation-and-security" id="id25" name="id25">Implementation and Security</a></li>
56     <li><a class="reference" href="#example-query" id="id26" name="id26">Example Query</a></li>
57     <li><a class="reference" href="#references" id="id27" name="id27">References</a></li>
58     <li><a class="reference" href="#copyright" id="id28" name="id28">Copyright</a></li>
59 g2boojum 1.1 </ul>
60     </div>
61 g2boojum 1.3 <div class="section">
62     <h1><a class="toc-backref" href="#id21" id="reason-for-rejection" name="reason-for-rejection">Reason for rejection</a></h1>
63 g2boojum 1.2 <p>Information about Gentoo development is already significantly fragmented.
64     Although this GLEP has its merits, the fact that it is a separate source
65 g2boojum 1.3 of information, rather than simply another conduit to existing sources
66 g2boojum 1.2 of information, poses more problems than it solves. Were this GLEP to
67     be resubmitted/modified so that finger was nothing more than an interface
68     into existing sources of information, it would probably be accepted.</p>
69     </div>
70 g2boojum 1.3 <div class="section">
71     <h1><a class="toc-backref" href="#id22" id="abstract" name="abstract">Abstract</a></h1>
72 g2boojum 1.1 <p>The finger protocol is documented in rfc742 <a class="footnote-reference" href="#id11" id="id1" name="id1">[1]</a> and rfc1196 <a class="footnote-reference" href="#id12" id="id2" name="id2">[2]</a>, a simple
73     protocol that returns a human readable report about a particular user
74     of the system. Typically, the information returned will be details such as
75     full name, location, etc. These details are entirely optional and are obtained
76     from the system passwd file, which of course can be edited or removed with the
77     standard chfn(1) <a class="footnote-reference" href="#id13" id="id3" name="id3">[3]</a> command.</p>
78     <p>The finger daemon will also return the contents of three files from the users home
79     directory, should they exist and be readable.</p>
80     <blockquote>
81     <ul class="simple">
82     <li>~/.project - which should contain information about the project currently being worked on.</li>
83     <li>~/.plan - which might contain work being done or a TODO style list.</li>
84     <li>~/.pgpkey - which would contain a PGP/GnuPG <a class="footnote-reference" href="#id14" id="id4" name="id4">[4]</a> public key block.</li>
85     </ul>
86     </blockquote>
87     <p>The finger protocol is mature, secure and widely used in the UNIX community.
88     There are clients available for all major operating systems, and web-based
89     clients for those that dont.</p>
90     </div>
91 g2boojum 1.3 <div class="section">
92     <h1><a class="toc-backref" href="#id23" id="motivation" name="motivation">Motivation</a></h1>
93 g2boojum 1.1 <p>Gentoo developers are already aware of the importance of User Relations <a class="footnote-reference" href="#id19" id="id5" name="id5">[9]</a> .</p>
94 g2boojum 1.3 <p>It is essential to keep the community up to date with current goals, status
95 g2boojum 1.1 updates, and information from the development team. Currently it is suggested
96     users track mailing lists, monitor the Gentoo bugzilla, developer IRC
97     channels and cvs commits.</p>
98     <p>While the resources to track developer progress and activity are made
99     available to users, they are not in a form usable to many people. Keeping
100     track of development is a tedious challenge, even for developers. For
101     non-technical users wishing to track the progress of a developer, using
102     mailing lists and bugzilla may not be a practical option.</p>
103     <p>Developers may also need a way to quickly find out the progress or activity of
104     other developers, different time zones sometimes makes it difficult for
105     developers to catch each other on IRC, and making already high-volume mailing
106     lists even more cluttered with status updates is not desirable.</p>
107     <p>A method that would allow individual developers to keep a log of their
108     activities and plans that were instantly accesible to anyone who was
109     interested would be desirable, I propose running a finger daemon on
110     gentoo.org, or dev.gentoo.org and forwarding requests there from gentoo.org.</p>
111 g2boojum 1.3 <p>Running a developer finger daemon would improve inter developer communication,
112     user communication and relations, and reduce workload on developers who have to
113 g2boojum 1.1 respond to queries from users on project status updates.</p>
114 g2boojum 1.3 <p>In the future, it is foreseen that portage will require a cryptographically
115     secure means of verifying ebuilds aquired from an rsync mirror are identical
116     to those checked into the portage tree by a developer <a class="footnote-reference" href="#id20" id="id6" name="id6">[10]</a> . Making developer keys
117     available to users for manually checking the integrity of files, or patches
118     sent to them is important. It has long been known that encouraging the
119 g2boojum 1.1 use of gpg among developers is desirable <a class="footnote-reference" href="#id15" id="id7" name="id7">[5]</a> .</p>
120 g2boojum 1.3 <p>Should a security vulnerability of a serious nature ever be reported,
121     standard procedure <a class="footnote-reference" href="#id16" id="id8" name="id8">[6]</a> is to inform vendors before releasing the information
122     to full disclosure security discussion lists. Making the relevant maintainer's
123 g2boojum 1.1 key easily obtainable will allow reporters to encrypt their reports.</p>
124     </div>
125 g2boojum 1.3 <div class="section">
126     <h1><a class="toc-backref" href="#id24" id="rationale" name="rationale">Rationale</a></h1>
127     <p>Providing a finger daemon will allow users to instantly access information on
128     developers, and all details of that developers current projects that they decide
129 g2boojum 1.1 to share.</p>
130 g2boojum 1.3 <p>GPG keys for all developers will be instantly availble, and the output of the
131     finger <a class="reference" href="mailto:devname&#64;gentoo.org">devname&#64;gentoo.org</a> command can be piped into gpg --import to instantly
132 g2boojum 1.1 add it to the users keyring.</p>
133     <p>The following projects use finger for user-developer communications,:</p>
134     <pre class="literal-block">
135     Latest kernel releases, and developer information.
136     $ finger &#64;kernel.org
137    
138     Developers and organisers are encouraged to keep .plans about their
139     activity.
140     $ finger nugget&#64;distributed.net
141    
142     Latest NASA news, and information from engineers.
143 g2boojum 1.3 $ finger nasanews&#64;space.mit.edu
144 g2boojum 1.1
145     Slackware developers.
146     $ finger volkerdi&#64;slackware.com
147    
148     FreeBSD developers.
149     $ finger nakai&#64;freebsd.org
150     </pre>
151     </div>
152 g2boojum 1.3 <div class="section">
153     <h1><a class="toc-backref" href="#id25" id="implementation-and-security" name="implementation-and-security">Implementation and Security</a></h1>
154     <p>Some admins are concerned about the security of running a finger daemon on their
155     machines, the class of security issues involved with the finger protocol are
156 g2boojum 1.1 commonly referred to as &quot;information leaks&quot; <a class="footnote-reference" href="#id17" id="id9" name="id9">[7]</a>.</p>
157 g2boojum 1.3 <p>This means an attacker may be able to use a finger daemon to identify valid
158 g2boojum 1.1 accounts on their target, which they would then try to obtain access to.</p>
159 g2boojum 1.3 <p>This scenario does not apply to this implementation, as the gentoo developer
160 g2boojum 1.1 names are already well publicised. <a class="footnote-reference" href="#id18" id="id10" name="id10">[8]</a></p>
161 g2boojum 1.3 <p>No security issues have ever been reported with the fingerd available in gentoo
162     portage. Finger is used worldwide by universities, unix systems, and development
163 g2boojum 1.1 projects.</p>
164     <p>Adding dummy users, will be trivial and allow projects such as gentoo-docs,
165 g2boojum 1.3 gentoo-alpha, gentoo-ppc, etc to maintain .plans and .projects. This will allow
166     the projects to maintain more technical details or status updates not suitable
167 g2boojum 1.1 for their project webpages.</p>
168     <p>Adding data to a plan is a lot simpler than updating webpages.</p>
169     </div>
170 g2boojum 1.3 <div class="section">
171     <h1><a class="toc-backref" href="#id26" id="example-query" name="example-query">Example Query</a></h1>
172     <p>Should a user want information about the author, this might be the output of
173 g2boojum 1.1 a finger query:</p>
174     <pre class="literal-block">
175 g2boojum 1.3 $ finger taviso&#64;gentoo.org
176     Login: taviso Name: Tavis Ormandy
177     Directory: /home/taviso Shell: /bin/bash
178     Last login: dd-mmm-yyyy
179     Mail last read dd-mmm-yyy
180 g2boojum 1.1 Project:
181    
182     Currently working on implementing XXX, and porting XXX to XXX.
183    
184     Plan:
185    
186     dd-mmm-yyyy
187    
188 g2boojum 1.3 Investigating bug #12345, testing patch provided in #12236
189 g2boojum 1.1
190     Write documentation for new features in XXX.
191    
192     dd-mmm-yyyy
193    
194     Contact acmesoft regarding license for xxx in portage.
195    
196 g2boojum 1.3 PGP Key:
197 g2boojum 1.1
198 g2boojum 1.3 -----BEGIN PGP PUBLIC KEY BLOCK-----
199     Version: GnuPG v1.2.1 (Linux)
200     (...)
201 g2boojum 1.1 -----END PGP PUBLIC KEY BLOCK-----
202     </pre>
203     </div>
204 g2boojum 1.3 <div class="section">
205     <h1><a class="toc-backref" href="#id27" id="references" name="references">References</a></h1>
206     <table class="docutils footnote" frame="void" id="id11" rules="none">
207 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
208     <tbody valign="top">
209     <tr><td class="label"><a class="fn-backref" href="#id1" name="id11">[1]</a></td><td><a class="reference" href="http://www.ietf.org/rfc/rfc0742.txt">http://www.ietf.org/rfc/rfc0742.txt</a></td></tr>
210     </tbody>
211     </table>
212 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id12" rules="none">
213 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
214     <tbody valign="top">
215     <tr><td class="label"><a class="fn-backref" href="#id2" name="id12">[2]</a></td><td><a class="reference" href="http://www.ietf.org/rfc/rfc1196.txt">http://www.ietf.org/rfc/rfc1196.txt</a></td></tr>
216     </tbody>
217     </table>
218 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id13" rules="none">
219 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
220     <tbody valign="top">
221     <tr><td class="label"><a class="fn-backref" href="#id3" name="id13">[3]</a></td><td><a class="reference" href="http://www.gentoo.org/dyn/pkgs/sys-apps/shadow.xml">http://www.gentoo.org/dyn/pkgs/sys-apps/shadow.xml</a></td></tr>
222     </tbody>
223     </table>
224 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id14" rules="none">
225 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
226     <tbody valign="top">
227     <tr><td class="label"><a class="fn-backref" href="#id4" name="id14">[4]</a></td><td><a class="reference" href="http://www.gnupg.org">http://www.gnupg.org</a></td></tr>
228     </tbody>
229     </table>
230 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id15" rules="none">
231 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
232     <tbody valign="top">
233     <tr><td class="label"><a class="fn-backref" href="#id7" name="id15">[5]</a></td><td>&lt;<a class="reference" href="mailto:20030629040521.4316b135.seemant&#64;gentoo.org">20030629040521.4316b135.seemant&#64;gentoo.org</a>&gt;</td></tr>
234     </tbody>
235     </table>
236 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id16" rules="none">
237 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
238     <tbody valign="top">
239     <tr><td class="label"><a class="fn-backref" href="#id8" name="id16">[6]</a></td><td><a class="reference" href="http://www.oisafety.org/process.html">http://www.oisafety.org/process.html</a></td></tr>
240     </tbody>
241     </table>
242 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id17" rules="none">
243 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
244     <tbody valign="top">
245     <tr><td class="label"><a class="fn-backref" href="#id9" name="id17">[7]</a></td><td><a class="reference" href="http://search.linuxsecurity.com/cgi-bin/htsearch?words=information%20leak">http://search.linuxsecurity.com/cgi-bin/htsearch?words=information%20leak</a></td></tr>
246     </tbody>
247     </table>
248 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id18" rules="none">
249 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
250     <tbody valign="top">
251     <tr><td class="label"><a class="fn-backref" href="#id10" name="id18">[8]</a></td><td><a class="reference" href="http://www.gentoo.org/main/en/devlist.xml">http://www.gentoo.org/main/en/devlist.xml</a></td></tr>
252     </tbody>
253     </table>
254 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id19" rules="none">
255 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
256     <tbody valign="top">
257     <tr><td class="label"><a class="fn-backref" href="#id5" name="id19">[9]</a></td><td><a class="reference" href="http://www.gentoo.org/proj/en/devrel/user-relations.xml">http://www.gentoo.org/proj/en/devrel/user-relations.xml</a></td></tr>
258     </tbody>
259     </table>
260 g2boojum 1.3 <table class="docutils footnote" frame="void" id="id20" rules="none">
261 g2boojum 1.1 <colgroup><col class="label" /><col /></colgroup>
262     <tbody valign="top">
263     <tr><td class="label"><a class="fn-backref" href="#id6" name="id20">[10]</a></td><td><a class="reference" href="http://www.gentoo.org/news/en/gwn/20030407-newsletter.xml">http://www.gentoo.org/news/en/gwn/20030407-newsletter.xml</a></td></tr>
264     </tbody>
265     </table>
266     </div>
267 g2boojum 1.3 <div class="section">
268     <h1><a class="toc-backref" href="#id28" id="copyright" name="copyright">Copyright</a></h1>
269 g2boojum 1.1 <p>This document is released under the Open Publications License.</p>
270     </div>
271 g2boojum 1.3
272 g2boojum 1.1 </div>
273     <div class="footer">
274 g2boojum 1.3 <hr class="footer" />
275 g2boojum 1.1 <a class="reference" href="glep-0012.txt">View document source</a>.
276 antarus 1.5 Generated on: 2007-10-13 13:39 UTC.
277 g2boojum 1.1 Generated by <a class="reference" href="http://docutils.sourceforge.net/">Docutils</a> from <a class="reference" href="http://docutils.sourceforge.net/rst.html">reStructuredText</a> source.
278 g2boojum 1.3
279 g2boojum 1.1 </div>
280     </body>
281     </html>

  ViewVC Help
Powered by ViewVC 1.1.20