[Bf-committers] FTP access to download.b.o (was: Blender 2.80 Release Candidate - master frozen)
dr. Sybren A. Stüvel
sybren at stuvel.eu
Fri Jul 19 17:58:59 CEST 2019
Hey all,
Just breaking this out to a different thread.
On 19-07-19 16:36, Dan McGrath wrote:
> My recommendation is to immediately disable and remove FTP from our server,
> and find alternative and secure means for the developers to share files.
I agree with Dan. FTP is a old, insecure protocol, and we don't need
anonymous uploads at all. Platform maintainers can use their SSH key to
gain access to the file storage.
> I would also strong advise that one of the developers create a GPG key that
> is stored safely ofline, which can be used to officially sign the MD5/SHA
> checksum files
I would recommend using a Yubikey for this, stored in a safe at the
Blender Institute. Getting the right key is easy once it's poured into
hardware.
--
Sybren A. Stüvel
https://stuvelfoto.nl/
https://stuvel.eu/
More information about the Bf-committers
mailing list