On Wed, 2007-06-20 at 23:18 +0800, David Woodhouse wrote: > On Wed, 2007-06-20 at 16:56 +0200, Ralf Corsepius wrote: > > Without ACLs in effect he will be able to > > compromise other packages than yours. > > We don't need an ACL on _commits_. We can have one on _builds_. Absolutely. IMO, this would be a reasonable compromise. > Or > preferably just on _pushes_ to the repository -- people other than the > maintainer can build an untagged package and the maintainer (or someone > in the ACL) would have to tag it for the intended collection. Don't get me wrong, I am vehemently opposed to the current ACLs. IMO, all they do is to close out "people who are following the rules of the game" and are unlikely to help in cases of real attacks. Ralf -- Fedora-maintainers mailing list Fedora-maintainers@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers -- Fedora-maintainers-readonly mailing list Fedora-maintainers-readonly@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-maintainers-readonly
