Fedora Board Recap 2008-MAR-25
Karsten 'quaid' Wade
kwade at redhat.com
Fri Mar 28 21:23:48 UTC 2008
On Fri, 2008-03-28 at 16:22 -0400, Tom "spot" Callaway wrote:
> On Fri, 2008-03-28 at 16:11 -0400, Jon Stanley wrote:
> > On Fri, Mar 28, 2008 at 3:36 PM, John Poelstra <poelstra at redhat.com> wrote:
> > > === Fedora Accounts ===
> > > * What are the procedures for disabling questionable Fedora accounts?
> > > * Continue discussion at next meeting
> > I guess another question that needs to be answered here is what
> > constitutes a "questionable account"?
> I can answer that:
> * An account for which the name is obviously fake, and the person
> refuses to provide a real name (has never happened).
> * An account for an ex-Red Hat employee who has not signed the CLA, and
> refuses to do so (has never happened, to my knowledge)
> Those are the only cases I know of right now.
There's really the larger case of what to do when you have an account
that is in violation of some kind. Not social violation, as ostracizing
people on mailing lists is much more effective. But if someone acts on
Fedora systems with malicious intent, or if someone _suspects_ that
someone else is doing that. Who reports what to whom? Who has the
authority to act? Who is accountable if mistakes are made to fix etc.?
Another option is a compromised or suspected compromised account. Who
do you report that to?
Would also be good if we spelled out what we expect people to do if they
feel their account is compromised or, e.g., a laptop gets stolen with
sshkeys and client-side certs.
All in the bucket of "Account Management and Policies".
Karsten Wade, Sr. Developer Community Mgr.
Dev Fu : http://developer.redhatmagazine.com
Fedora : http://quaid.fedorapeople.org
gpg key : AD0E0C41
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the fedora-advisory-board