[FFmpeg-devel] Mailing List Delay

ffmpegandmahanstreamer at e.email ffmpegandmahanstreamer at e.email
Fri Aug 6 16:56:26 EEST 2021 

August 6, 2021 7:20 AM, "Michael Niedermayer" <michael at niedermayer.cc> wrote:

> On Wed, Aug 04, 2021 at 11:28:19PM +0100, Derek Buitenhuis wrote:
> 
>> On 8/4/2021 11:03 PM, Michael Niedermayer wrote:
>> 
>> * There is no public documentation on:
>> * Who owns the physical infra.
>> 
>> its all donated one way or another IIRC,
>> I am a bit hesitant to post a names who provide the servers in public
>> for the main server i think its all on the mailing list. Our fate
>> machiene is seperate and provided and payed for by a FFmpeg developer
>> Theres also a server hosting backups, that reminds me that the backups
>> should be tested. That requirres a volunteer probably
>> 
>> I don't think we need to post people's names, but we genrally do
>> keep things open here, so I assumed the intent should be the same.
>> Reimbursements, funds, hardware, etc. are all posted here.
>> 
>> It does seem somewhat suspicious to me that people providing servers
>> to us for free would not want others to know who they are. Maybe I am
>> paranoid...
> 
> We do credit them
> src/template_footer1: <p class="text-right"><small>Hosting provided by <a
> href="https://telepoint.bg">telepoint.bg</a><small></p>
> 
> also i belive i heared somewhere that they wanted more traffic for some
> peering stuff or something. This is outside my area of knowledge but it
> might shift the cost of providing the server to us.
> 
Sounds about right. Back in my networking days I heard that more traffic means that more companies willing to peer with you for free.
>> * Where it is located or who hosts it.
>> 
>> traceroute ffmpeg.org points to telepoint.bg
>> 
>> OK.
>> 
>> I hope the admins have a direct contact there in case of issue.
> 
> I have one contact, i will check and see if we can get some redundant one
> 
>> * Who has admin access and how to contact them.
>> 
>> project server line in MAINTAINERS file, not everyone is active but even inactive
>> ones can help in an emergency potentially
>> 
>> I more meant: Is that list an exhaustive / complete list of who has
>> access on the servers? If so, apologies. It is not clear to me if it is.
>> Honestly, mostly due to it being unclea who the owners / hosters are and
>> if they have access.
> 
> I checked the list of keys and i believe ubitux, Tim Nicholson and Roberto Togni
> have access too
> Tim IIRC did some work on the mail stuff longer ago but ive not heared from
> him since a long time. ubitux provided a server to us for a while
> There are no other keys on the main host server or main virtual one, i didnt
> check the other virtual machienes
> The hoster would of course have physical access
> 
> That said, if anyone of the people having admin access currently would want
> to help maintain anything like the mail stuff, iam certainly not unhappy about
> that.
> 
>> * Any way to audit admin access.
>> 
>> What do you mean by "audit admin access" ?
>> 
>> A way to know accessed the server and when, should anything bad happen and
>> who has access - that cannot be deleted locally by someone with root. Especially
>> on the git server.
>> 
>> I may have made a bad assumption here if this is already in place. Apologies if so.
>> To my knowledge, it isn't, though.
> 
> Iam not aware of something like that being in place.
> but developer git is provided by videolan. We just provide the webpage git
> and mirror the ffmpeg git for public access with matching SSL certificates
> which videolan would not be able to do as they have no SSL certs for ffmpeg.org
> we could also "easily" move the developer git to our server but there was no
> reason to do that and "if it aint broken ..."
> 
> That said, is there something specific you would suggest should be done/put
> in place for "audit admin access" ?

Maybe have a program which tells which users/IP logged in and what they did. A log file that tracks which files are being edited and opened, etc.. so if something goes wrong it can be traced back.

> [...]
> 
>> All this said, the truth with open source projects probably is as long as
>> it works well enough noone volunteers to help.
>> 
>> This is true. You can consider this me volunteering to help if you need it
>> somewhere.
> 
> ok, this is good to know
> 
> thx

good luck Derek. I know you can do it.
> 
> [...]
> 
> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> 
> Avoid a single point of failure, be that a person or equipment.
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".

More information about the ffmpeg-devel mailing list