== puppet poneys ==
-=== make security.debian.org deployment fully automated ===
-* includes correct rsyncd.conf via xinetd
-* includes correct apache config
-* includes correct vsftpd config
-* includes ferm rules for all those services
-* minimum information provided should be the IPv4 and IPv6 address
+* update external puppet modules
+** xinetd used: own module, maybe move to puppetlabs xinetd module
+* setup regression testing environment
+
+== ud-ldap ==
+* Non-DD accounts:
+** new object classes? Something to differentiate
+** Would like to always add NM/DM/etc
+** Possibly porter box access for NM/DM ?
+
+* ud-cruft:
+** Clean up old expired entries
+
+* scale ud-generate:
+** ldap replication?
+
+* Security:
+** LDAP query interface read-only with hidden master
+** Privileged modify operations should only be allowed from lo.
+
+* Code base:
+** Could we have one, please?
+
+== mail handling ==
+* move @d.o to MXes (different source IP to avoid RBL for important mail?)
+
+== DSA trainees ==
+* root everywhere, no authority to speak for team
+
+== Web auth ==
+* SSO for web apps (nagios, rt, wiki, etc)
+* Tied to ud-ldap (but not LDAP password, dammit!)
+
+== Munin replacement ==
+* Something that is scriptable and scales
+
+== Nagios config ==
+* Way to test IPv6, without duplicating all of our config
+
+== DNS/SSHFP ==
+* It'd be nice if service names like db.d.o had sshfp records in DNS. This is tricky because some of the purpose service names are CNAMEs, but not all.
projects / mirror / dsa-wiki.git / blobdiff