Dimitris Glezos wrote:
> Karsten Wade wrote:
>> On Sat, 2007-07-14 at 00:55 +0200, Jeroen van Meeuwen wrote:
>>> Mike McGrath wrote:
>>>> This is my worry too. It's almost enough to make me not want to do it
>>>> for non-Fedora projects but that's just bad. I'm hoping someone here has
>>>> a good, clever way to solve this issue.
>> The benefits of these new tools far outweigh the relatively slight
>> risks. We really must step up and find a way to make it work.
>>
>> My vote is simple: we do the best we can, we spell out what the
>> security is and the risks involved, and we put that in front of upstream
>> projects. We ask them to agree (via email?) to the risk/reward balance
>> we present. [...]
>>
>> Security risk assessment is never about, "No matter the cost, I will
>> secure this until it is unbreakable." That guarantee comes from a pair
>> of wire cutters used on the CAT(5) between the server and the switch.
>> Great for security, bad for business. [...]

Along these thoughts and Dimitris', having a transifexd running under User A to collect the translations, and another User B to do the actual commits and pushes with, seems to be the best design. SELinux protection, of course, is mandatory, although it doesn't prevent a compromised transifexd from putting a 'malicious' file in User B's commit/push queue.

Kind regards,

Jeroen van Meeuwen
-kanarip
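
The split described in the message above leaves User B reading a queue that User A can write to, so B has to treat every queue entry as untrusted input. The following is an added example, not code from this thread or from transifex: a check User B could run on each entry before committing. It assumes the queue is a directory of gettext `.po` files; `vet_queue_entry`, the suffix rule, the size cap and the sample files are all hypothetical.

```python
import os
import stat
import tempfile

MAX_BYTES = 1_000_000      # assumed size cap for one translation file
ALLOWED_SUFFIX = ".po"     # assumed: the queue carries gettext catalogs only


def vet_queue_entry(queue_dir, name):
    """Run by User B. Return (accepted, reason) for one file queued by User A."""
    # An entry must be a bare file name, so it cannot point outside the queue.
    if name != os.path.basename(name) or name in ("", ".", ".."):
        return False, "name is not a plain file name"
    if not name.endswith(ALLOWED_SUFFIX):
        return False, "not a translation file"
    path = os.path.join(queue_dir, name)
    try:
        # O_NOFOLLOW refuses a symlink; O_NONBLOCK avoids hanging on a FIFO.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return False, "missing, or a symlink"
    with os.fdopen(fd, "rb") as fh:
        st = os.fstat(fh.fileno())   # inspect the file actually opened
        if not stat.S_ISREG(st.st_mode):
            return False, "not a regular file"
        if st.st_size > MAX_BYTES:
            return False, "too large"
        data = fh.read(MAX_BYTES + 1)
    if b"\x00" in data:
        return False, "binary content"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not UTF-8 text"
    return True, "ok"


def demo():
    """Build a constructed queue in a temp directory and vet every entry."""
    with tempfile.TemporaryDirectory() as q:
        with open(os.path.join(q, "el.po"), "w", encoding="utf-8") as fh:
            fh.write('msgid "Hello"\nmsgstr "Γειά"\n')
        with open(os.path.join(q, "hook.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")
        with open(os.path.join(q, "blob.po"), "wb") as fh:
            fh.write(b"\x00\x01\x02")
        os.symlink("/etc/passwd", os.path.join(q, "link.po"))
        names = ["el.po", "hook.sh", "blob.po", "link.po", "../el.po"]
        return {n: vet_queue_entry(q, n)[0] for n in names}
```

This limits what kind of file reaches the commit step; it does not judge whether the translated strings themselves are benign.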