[gPXE] Changes to Etherboot Project roles and responsibilities

Michael Brown mbrown at fensystems.co.uk
Wed Apr 7 10:34:00 EDT 2010


On Wednesday 07 Apr 2010 14:09:07 Marty Connor wrote:
> System monitoring detected and reported activities with serious security
> implications for the server. Your account was involved. For forensic
> purposes I disabled your account, and preserved its state.

I assure you that nothing I have done or intend to do has any security 
implications for the server.  I believe that it is quite legitimate for me to 
copy across at least those elements of system configuration that I have been 
responsible for setting up, which on occasion has required me to use "sudo" to 
become root in order to access configuration files.  I am sorry if you have 
misinterpreted anything that I have done as having some kind of "security 
implications".

> > I still have private content on rom.etherboot.org (such as the
> > sanbootconf repository and various scripts such as release.sh) that is
> > not yet copied to my own servers.
> 
> I'm not sure how the /pub/scm/release.sh counts as "private content".
> I have pasted it below verbatim.  I do find the fact that you deleted
> this short shell script from /pub/scm, thus breaking the git hooks
> that use it, to be a curious thing to do.

Thank you.  This script is one example of content of mine that has not been 
released under any kind of open-source licence; I am afraid that, given your 
treatment of me, I am not intending to grant you a licence to use it.

I apologise for forgetting to remove the git hooks; that was an oversight.  
Since I no longer have access to the server, could you please delete all 
copies of release.sh and remove any git hooks that refer to it.

> As for other "private content", I assume you mean the remaining directories
> in your home directory.  These will be placed in a location you can
> securely download them from.

I have already copied out the contents of my home directory.  Please delete 
your copies of these files which, again, have not been released under any kind 
of open-source licence.

Please also delete the sanbootconf git repository, which will no longer be 
hosted on rom.etherboot.org.  Please also delete my trees under 
/pub/scm/people/mcb30; again, these will no longer be hosted on 
rom.etherboot.org.

I shall let you know what other private content of mine is still held on the 
server.

> > I was trusting you to keep to your publicly-announced word on this.  Was
> > this unreasonable of me?
> > Michael
> 
> The security of project resources takes precedence in this situation.
> Please do not attempt to gain further access to the server.

There is no risk to "the security of project resources".  I would appreciate 
it if you would re-enable my account, so that I can complete my original plan 
for a smooth transition as per your promised timeline.  I believe that I do 
not require root access any further, so you are welcome to re-enable the 
account as a standard user account with no sudo access, if this helps calm 
your fears.

Please also be aware that by disabling my account you have also disabled the 
nightly offsite backup of rom.etherboot.org, and that you should make 
alternative arrangements if you have not already done so.

Michael

