| |||||||||||||||||||
|
| |||||||||||||||||||
Re: ACL removal day?!
Steve Grubb wrote: > On Tuesday 19 June 2007 13:10:10 Rahul Sundaram wrote: >>> ... then they are able to remove them, and we can discuss changing the >>> defaults/adding something to the CVS request form/whatever. I'm not >>> seeing the problem here? >> The need for ACL's by default that restrict the package to only the >> package maintainers is not clear > > This needs to be clear. Its for security. If you take all ACLs off the > packages and an account becomes compromised, the attacker can get to > everything. > > Please keep the ACLs by default so that there is not a window where a package > is left unguarded if it needed to be. It can work the other way around too. Remember that the large majority of packages are maintained in Fedora on a voluntary basis and many of them are very important ones. What happens if there is a highly critical security issue on one of those packages where the maintainers are not responding as quickly as ideal because they got sick, went on a vacation or simply lost interest? If you are going to have ACL's by default: 1) Document it explicitly. 2) Recommend that package maintainers consider the need for ACL's carefully. 3) Give blanket access to a select set of groups to fix issues as necessary - Rel Eng, FESCo, Fedora Security Team and possibly a small number of people who have a well known history of doing good QA work on the repository. Rahul -- Fedora-maintainers mailing list Fedora-maintainers@redhat.com https://www.redhat.com/mailman/listinfo/fedora-maintainers (Log in to post comments)
|
|
||||||||||||||||||