On Mon, Feb 26, 2024 at 12:00:15PM +0000, Daniel Stone wrote:
> On Mon, 26 Feb 2024 at 11:57, Jani Nikula <jani.nikula@xxxxxxxxxxxxxxx> wrote:
> > On Mon, 26 Feb 2024, Maxime Ripard <mripard@xxxxxxxxxx> wrote:
> > > For the recent-ish subscriptions, it's possible since we've required to
> > > open a Gitlab issue for a while, so we have the association between the
> > > Gitlab account and the SSH account already.
> > >
> > > During the Gitlab setup, the groups were also created already with the
> > > people that had an SSH account at the time, and Gitlab account.
> > >
> > > But for the rest, yeah, I had to ping Daniel S. about it. He could find
> > > a few matches, but there's some where we just don't know if or what the
> > > Gitlab account is.
> > >
> > > Generally speaking, we've been conservative about it, and only added
> > > accounts we were sure of.
> >
> > Ah, I didn't make myself clear. I'm more interested in the process going
> > forward, for new access requests. Anyone can create an account and
> > request access; how does a maintainer verify the request? For our
> > purposes it's basically just matching against the email addresses in
> > existing commits in the repo.
>
> It's a fair question. If you want to verify that someone is
> @intel.com, maybe get them to email you out-of-band to check it. If
> you want to check something else, just ask an admin I suppose.

It looks like we can make the email verification mandatory:
https://docs.gitlab.com/ee/security/email_verification.html

And we can have a public email on the profile. I guess requesting the
public email of a profile to match their contribution and be verified
would be enough?

Maxime