Steve Grubb wrote:
On Tuesday 19 June 2007 13:10:10 Rahul Sundaram wrote:
... then they are able to remove them, and we can discuss changing the
defaults/adding something to the CVS request form/whatever. I'm not
seeing the problem here?
The need for ACLs by default that restrict the package to only the
package maintainers is not clear.
This needs to be clear. It's for security. If you take all ACLs off the
packages and an account becomes compromised, the attacker can get to
everything.
Please keep the ACLs by default so that there is not a window where a package
is left unguarded if it needed to be.
It can work the other way around too. Remember that the large majority
of packages are maintained in Fedora on a voluntary basis and many of
them are very important ones.
What happens if there is a highly critical security issue on one of
those packages where the maintainers are not responding as quickly as
ideal because they got sick, went on a vacation or simply lost interest?
If you are going to have ACLs by default:
1) Document it explicitly.
2) Recommend that package maintainers consider the need for ACLs carefully.
3) Give blanket access to a select set of groups to fix issues as
necessary - Rel Eng, FESCo, Fedora Security Team and possibly a small
number of people who have a well known history of doing good QA work on
the repository.
Rahul
--
Fedora-maintainers mailing list
Fedora-maintainers@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-maintainers