On Fri, 2008-03-28 at 16:22 -0400, Tom "spot" Callaway wrote: > On Fri, 2008-03-28 at 16:11 -0400, Jon Stanley wrote: > > On Fri, Mar 28, 2008 at 3:36 PM, John Poelstra <poelstra@xxxxxxxxxx> wrote: > > > > > === Fedora Accounts === > > > * What are the procedures for disabling questionable Fedora accounts? > > > * Continue discussion at next meeting > > > > I guess another question that needs to be answered here is what > > constitutes a "questionable account"? > > I can answer that: > > * An account for which the name is obviously fake, and the person > refuses to provide a real name (has never happened). > * An account for an ex-Red Hat employee who has not signed the CLA, and > refuses to do so (has never happened, to my knowledge) > > Those are the only cases I know of right now. There's really the larger case of what to do when you have an account that is in violation of some kind. Not social violation, as ostracizing people on mailing lists is much more effective. But if someone acts on Fedora systems with malicious intent, or if someone _suspects_ that someone else is doing that. Who reports what to whom? Who has the authority to act? Who is accountable if mistakes are made to fix etc.? Another option is a compromised or suspected compromised account. Who do you report that to? Would also be good if we spelled out what we expect people to do if they feel their account is compromised or, e.g., a laptop gets stolen with sshkeys and client-side certs. All in the bucket of "Account Management and Policies". - Karsten -- Karsten Wade, Sr. Developer Community Mgr. Dev Fu : http://developer.redhatmagazine.com Fedora : http://quaid.fedorapeople.org gpg key : AD0E0C41
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
