Tom Lane wrote: > Peter Lemenkov <lemenkov@xxxxxxxxx> writes: >> Why we should approve manually requests to watching bugzilla and >> cvs changes for packages? I'm sure we need to change policy in >> order to automatically approve all such requests. > > Isn't there a security issue there? I'm not sure I want any random > person watching every bz or commit I make. I _think_ watchbugzilla could have security risks, as anyone with that privilege would see potentially security-sensitive bugs. I'm not sure I see what issue there would be with watchcommits. Anyone random person can watch every commit you make right now, they just have to subscribe to fedora-extras-commits and filter things on your name. Generally, I think more people watching every one else's commits makes for better security. Of course, I could be missing something that watchcommits grants which could be a real security risk. And I'm happy to be enlightened in that case. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ever notice that even the busiest people are never too busy to tell you just how busy they are?
Attachment:
pgpmUJvvViVe8.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
