[RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb
Todd Zullinger
tmz at pobox.com
Mon Jul 6 18:28:56 UTC 2009
Tom Lane wrote:
> Peter Lemenkov <lemenkov at gmail.com> writes:
>> Why we should approve manually requests to watching bugzilla and
>> cvs changes for packages? I'm sure we need to change policy in
>> order to automatically approve all such requests.
>
> Isn't there a security issue there? I'm not sure I want any random
> person watching every bz or commit I make.
I _think_ watchbugzilla could have security risks, as anyone with that
privilege would see potentially security-sensitive bugs.
I'm not sure I see what issue there would be with watchcommits.
Anyone random person can watch every commit you make right now, they
just have to subscribe to fedora-extras-commits and filter things on
your name. Generally, I think more people watching every one else's
commits makes for better security.
Of course, I could be missing something that watchcommits grants which
could be a real security risk. And I'm happy to be enlightened in
that case.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ever notice that even the busiest people are never too busy to tell
you just how busy they are?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 542 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090706/3a6f0d31/attachment.sig>
More information about the fedora-devel-list
mailing list