X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=input%2Fponeys.creole;h=32c8e5debd8612a8310753e2b9bd1c72d05a38d4;hb=278701cec312c599a46b1f8f00eef65998323ba9;hp=2a9d6d3723a7e073e8deeed94eb9243f57b1e416;hpb=da48b56bd33ac1702b5cbf194f09b21b3dccb496;p=mirror%2Fdsa-wiki.git diff --git a/input/poneys.creole b/input/poneys.creole index 2a9d6d3..32c8e5d 100644 --- a/input/poneys.creole +++ b/input/poneys.creole 
@@ -10,9 +10,45 @@ Everything. == puppet poneys == -=== make security.debian.org deployment fully automated === -* includes correct rsyncd.conf via xinetd -* includes correct apache config -* includes correct vsftpd config -* includes ferm rules for all those services -* minimum information provided should be the IPv4 and IPv6 address +* update external puppet modules +** xinetd used: own module, maybe move to puppetlabs xinetd module +* setup regression testing environment + +== ud-ldap == +* Non-DD accounts: +** new object classes? Something to differentiate +** Would like to always add NM/DM/etc +** Possibly porter box access for NM/DM ? + +* ud-cruft: +** Clean up old expired entries + +* scale ud-generate: +** ldap replication? + +* Security: +** LDAP query interface read-only with hidden master +** Privileged modify operations should only be allowed from lo. + +* Code base: +** Could we have one, please? + +== mail handling == +* move @d.o to MXes (different source IP to avoid RBL for important mail?) + +== DSA trainees == +* root everywhere, no authority to speak for team + +== Web auth == +* SSO for web apps (nagios, rt, wiki, etc) +* Tied to ud-ldap (but not LDAP password, dammit!) + +== Munin replacement == +* Something that is scriptable and scales + +== Nagios config == +* Way to have per user views. Doable with contacts, just needs to be done +* Way to test IPv6, without duplicating all of our config + +== DNS/SSHFP == +* It'd be nice if service names like db.d.o had sshfp records in DNS. This is tricky because some of the purpose service names are CNAMEs, but not all.
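Review bot: in the ud-ldap Security item, "Privileged modify operations should only be allowed from lo." names a source interface but not who may perform those operations. A loopback-only restriction still admits any local process on that host, so the item should also state the authentication or authorization expected for privileged modifies. Two smaller points in the same hunk: the "make security.debian.org deployment fully automated" section is deleted without the page saying whether that work was completed or dropped, and a one-line note would keep that history; and in the DNS/SSHFP item "purpose service names" looks like a typo. Since a CNAME cannot coexist with other record types at the same name, that item would be clearer if it said where the SSHFP records are meant to live for the CNAME-based service names.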