ACL removal day?!
Ralf Corsepius
rc040203 at freenet.de
Wed Jun 20 15:27:05 UTC 2007
On Wed, 2007-06-20 at 23:18 +0800, David Woodhouse wrote:
> On Wed, 2007-06-20 at 16:56 +0200, Ralf Corsepius wrote:
> > Without ACLs in effect he will be able to
> > compromise other packages than yours.
>
> We don't need an ACL on _commits_. We can have one on _builds_.
Absolutely. IMO, this would be a reasonable compromise.
> Or
> preferably just on _pushes_ to the repository -- people other than the
> maintainer can build an untagged package and the maintainer (or someone
> in the ACL) would have to tag it for the intended collection.
Don't get me wrong, I am vehemently opposed to the current ACLs. IMO,
all they do is to close out "people who are following the rules of the
game" and are unlikely to help in cases of real attacks.
Ralf
More information about the Fedora-maintainers
mailing list