Hi,

You don't need complex ACL features to make the current system a lot more secure. Just:

- ironclad the mail sending on commit
- systematically send a copy of the commit message to the list of maintainers associated with a package (most maintainers do not have time to follow the full FE commit list)
- when a package build is requested, send a magic cookie to all the associated maintainers and the security team and do not push the build till the cookie is returned by mail by one of them
- set up a webscm somewhere and automatically create user profiles which include history views of all the packages associated with each individual FE member.

Because, you know, if we make sure everything which happens is communicated to the right people before the result is pushed to users there is absolutely no need to protect against malicious users. Besides re-reading their changes this will help maintainers catch their own honest mistakes.

-- 
Nicolas Mailhot
-- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
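
The cookie-gated build push proposed in the message above, as an added example that is not part of the original post or of any Fedora Extras tooling. The class, method names, addresses and package name are hypothetical, mail delivery is modelled as an in-memory outbox, and the reply's sender is assumed to be authenticated already (for instance by a verified signature), since a bare From: address proves nothing.

```python
import hmac
import secrets


class BuildGate:
    """Holds a requested build until one approver returns its cookie."""

    def __init__(self, maintainers, security_team):
        self.maintainers = maintainers          # package -> set of addresses
        self.security_team = set(security_team)
        self.pending = {}                       # build id -> (cookie, approvers)
        self.outbox = []                        # (recipient, build id, cookie)
        self.pushed = []                        # (build id, approving address)

    def request_build(self, package, build_id):
        # Unguessable per-build cookie, mailed to maintainers and security team.
        cookie = secrets.token_urlsafe(32)
        approvers = set(self.maintainers.get(package, ())) | self.security_team
        self.pending[build_id] = (cookie, approvers)
        for addr in sorted(approvers):
            self.outbox.append((addr, build_id, cookie))

    def receive_reply(self, sender, build_id, cookie):
        # Assumption: `sender` was authenticated before this call.
        entry = self.pending.get(build_id)
        if entry is None:                       # unknown or already pushed
            return False
        expected, approvers = entry
        if sender not in approvers:             # requester alone cannot approve
            return False
        if not hmac.compare_digest(expected.encode(), cookie.encode()):
            return False
        del self.pending[build_id]              # cookie is single use
        self.pushed.append((build_id, sender))
        return True


def demo():
    # Constructed sample data.
    gate = BuildGate({"foo": {"alice@example.org"}}, ["sec@example.org"])
    gate.request_build("foo", "foo-1.0-1")
    cookie = gate.outbox[0][2]
    results = [
        gate.receive_reply("mallory@example.org", "foo-1.0-1", cookie),
        gate.receive_reply("alice@example.org", "foo-1.0-1", "guess"),
        gate.receive_reply("sec@example.org", "foo-1.0-1", cookie),
        gate.receive_reply("alice@example.org", "foo-1.0-1", cookie),
    ]
    return results, gate.pushed


if __name__ == "__main__":
    print(demo())
```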