[distcc] Proposed Enhancements/Changes

Ihar `Philips` Filipau thephilips at gmail.com
Wed Jul 23 21:15:59 GMT 2008


On Wed, Jul 23, 2008 at 9:01 PM, Fergus Henderson <fergus at google.com> wrote:
> On Wed, Jul 23, 2008 at 10:36 AM, Ihar `Philips` Filipau
> <thephilips at gmail.com> wrote:
>>
>> Actually,  last time I was deploying distcc we had serious problems
>> with the newly introduced security.
>
> There's always going to be a trade-off between security and convenience.
> But the default configuration has to be secure.
>

I have read your comment. I can hardly say anything against increased security.

> If you have any specific suggestions about what we can do to make things
> more convenient without compromising security for the default configuration,
> and without preventing those folks who do care about security from getting
> it, please let us know.
>

:)

I understand now better than before that most uses of distcc
proportionally would large companies where the security, accounting
and auth are must. All I can add is that simple option to turn off all
the measures would make also lots of people who use distcc in more or
less private secure environments really happy.

My wish then would be to have a magic option (which might also throw
some warning into logs, to warn the lazy people like me about
consequences) to disable all security features altogether. e.g.
--security=off and default --security=on (or whatever popt can
handle).

At the moment (3.0rc2) it seems that only main() in daemon.c needs to
be modified to not to complain that opt_allow list is empty if
security is disabled. Listen still listens by default on 0, so no
changes there is needed.


More information about the distcc mailing list