[Bf-committers] FTP access to download.b.o (was: Blender 2.80 Release Candidate - master frozen)

dr. Sybren A. Stüvel sybren at stuvel.eu
Fri Jul 19 17:58:59 CEST 2019


Hey all,

Just breaking this out to a different thread.

On 19-07-19 16:36, Dan McGrath wrote:
> My recommendation is to immediately disable and remove FTP from our server,
> and find alternative and secure means for the developers to share files.

I agree with Dan. FTP is a old, insecure protocol, and we don't need
anonymous uploads at all. Platform maintainers can use their SSH key to
gain access to the file storage.

> I would also strong advise that one of the developers create a GPG key that
> is stored safely ofline, which can be used to officially sign the MD5/SHA
> checksum files

I would recommend using a Yubikey for this, stored in a safe at the
Blender Institute. Getting the right key is easy once it's poured into
hardware.

-- 
Sybren A. Stüvel

https://stuvelfoto.nl/
https://stuvel.eu/



More information about the Bf-committers mailing list