On 2011-01-25 10:50:48 PM, Till Maas wrote: > Did he really not have write access to the Fedora wiki or the different > trac instances (wiki, ticket system) on fedorahosted? I am not sure how > it is handled, but he also might have had push access to the comps repo > on fedorahosted. Sorry, these are omissions on our part. All packagers have edit access to the Fedora wiki, push access to comps on fedorahosted, and all Fedora Accounts are able to login to fedorahosted trac instances (with no special privileges by default). We found no unverifed Fedora wiki edits or pushes to comps from the account in question. > Additionally it would be nice to investigate whether the account was > used to access the test machine resources for package maintainers: > https://fedoraproject.org/wiki/Test_Machine_Resources_For_Package_Maintainers Good point. We don't run those machines, and all packagers have sudo there , so Fedora packagers should consider it unsafe to forward their SSH agent or enter any sensitive information on those machines. We'll get in touch with Kevin about checking those machines though. Thanks, Ricky
Attachment:
pgpswboTHFxSW.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
