Everything.
-o user mail forwards, mail user +extension forwards, mail user +extension pipes, all of it.
-o service domain aliases files
-o service domains whitelists/blacklists/neverusers/RBLs
+* user mail forwards, mail user +extension forwards, mail user +extension pipes, all of it.
+* service domain aliases files
+* service domains whitelists/blacklists/neverusers/RBLs
-== make dns auto update on shutdowns ==
+== puppet poneys ==
-one day, when all these dynamic things are in their own dns, we imagine we
-would just do shutdown -r 60 kernel and a nagios check or something will remove
-the node from DNS automatically
+* update external puppet modules
+** xinetd used: own module, maybe move to puppetlabs xinetd module
+* setup regression testing environment
+== ud-ldap ==
+* Non-DD accounts:
+** new object classes? Something to differentiate
+** Would like to always add NM/DM/etc
+** Possibly porter box access for NM/DM ?
+* ud-cruft:
+** Clean up old expired entries
+
+* scale ud-generate:
+** ldap replication?
+
+* Security:
+** LDAP query interface read-only with hidden master
+** Privileged modify operations should only be allowed from lo.
+
+* Code base:
+** Could we have one, please?
+
+== mail handling ==
+* move @d.o to MXes (different source IP to avoid RBL for important mail?)
+
+== DSA trainees ==
+* root everywhere, no authority to speak for team
+
+== Web auth ==
+* SSO for web apps (nagios, rt, wiki, etc)
+* Tied to ud-ldap (but not LDAP password, dammit!)
+
+== Munin replacement ==
+* Something that is scriptable and scales
+
+== Nagios config ==
+* Way to test IPv6, without duplicating all of our config
+
+== DNS/SSHFP ==
+* It'd be nice if service names like db.d.o had sshfp records in DNS. This is tricky because some of the purpose service names are CNAMEs, but not all.
projects / mirror / dsa-wiki.git / blobdiff