From: Bryan Drewery
To: freebsd-arch@freebsd.org
Subject: Re: Proposal: deregulate secteam, random team
Date: Tue, 6 Mar 2018 10:38:17 -0800
Organization: FreeBSD
Message-ID: <54c26d20-7f01-7d29-48dd-ef0ce48bd3ac@FreeBSD.org>
References: <49f2eeba-ffb2-11d0-3875-b16a53541a3e@FreeBSD.org>

On 3/5/2018 1:08 PM, Bryan Drewery wrote:
> I seem to recall for Poudriere that any kind of
> web server with a server-side application was verboten by secteam at the
> time but that kind of blanket rule was just unhelpful and lazy.

I should not have used the word "lazy" here. I picked a bad word and
should have been more clear that 1 person can never keep up with the
demand and must force compromises like this to move forward.

In the bigger picture secteam isn't responsible for the cluster systems,
clusteradm is. So clusteradm should be the one to enforce what is
allowed on their systems rather than the security team since they have
to maintain and keep them secure. The security team should be a resource
for security reviews but not a final say in all regards.

-- 
Regards,
Bryan Drewery