On Mon, Oct 19, 2020 at 04:44:34PM +0000, Mattia Verga wrote: > A little off topic, but Noggin related: I've just (re)created my account > on Noggin, since real accounts have not been ported yet, but I'm a bit > concerned with this. > > Suppose someone move up and would have created an account in Noggin > using my username, but using his data... does that mean that they would > have access to staging resources my account has access to? yep. > And what about accounts for "VIPs" here that have wide access to the > staging infrastructure? Yes, and no. I agree it's a concern, and we probibly should disable new accounts in it for now, but it's not a great concern as there's currently no non root ssh access to stg, so no one would get that. They could get access to some apps, but we often sync from prod over staging and anything they do would just be wiped out. But yeah, I think if the fas sync is going to take a bit, perhaps we should disable the new account creation for now. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
