On 19.06.2007 19:24, Steve Grubb wrote:
> On Tuesday 19 June 2007 13:10:10 Rahul Sundaram wrote:
>>> ... then they are able to remove them, and we can discuss changing the
>>> defaults/adding something to the CVS request form/whatever. I'm not
>>> seeing the problem here?
>> The need for ACLs by default that restrict the package to only the
>> package maintainers is not clear
>
> This needs to be clear. It's for security. If you take all ACLs off the
> packages and an account becomes compromised, the attacker can get to
> everything.
>
> Please keep the ACLs by default so that there is not a window where a package
> is left unguarded if it needed to be.

I'd say we should work towards a middle ground -- ACLs by default, but
create some kind of "trusted contributors" group (say sponsors, FESCo
members and packagers with more than 25 packages) that get access
everywhere.

Just my 2 cents.

CU
thl

--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers