I thought that we were talking about removing accounts not erasing past
contributors from all history of the project.
Is there some great difficulty to adding a committer with the right privs?
How much karma is encapsulated in the actual account?
Getting rid of unused accounts seems to be a common recommendation for
improving security.
Having an up-to-date list of voters would probably help to clarify the
results of votes for releases, etc.
Turning 20% of the eligible voters into 80% by cleaning the enumeration
list, makes it easier to explain why a release vote was accepted.
Ron
On 12/03/2015 9:15 AM, Jake Farrell wrote:
Hi Pierre
merit and karma are earned and should not be taken away. If we where to
remove karma for services and then someone came back how would we track
what their previous permissions had been, this would leave no guarantee
that they would have the same permissions they had when they initially
stepped away for whatever reason.
-Jake
On Thu, Mar 12, 2015 at 9:09 AM, Pierre Smits <[email protected]>
wrote:
I apparently only replied to Jaques. See that message below.
Pierre Smits
*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
---------- Forwarded message ----------
From: Pierre Smits <[email protected]>
Date: Thu, Mar 12, 2015 at 1:15 PM
Subject: Re: Why are committers accounts never terminated?
To: Jacques Le Roux <[email protected]>
When committers resign on their own accord (for whatever reason) their
permissions for the tools of the project (JIRA, CONFLUENCE, SVN, etc)
should be revoked. When they want to be active again, this can easily be
facilitated.
Best regards,
Pierre Smits
*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com
On Thu, Mar 12, 2015 at 1:11 PM, Jacques Le Roux <
[email protected]> wrote:
Thanks Mark,
It's quite clear
Jacques
Le 12/03/2015 11:59, Mark Thomas a écrit :
On 12/03/2015 09:50, Jacques Le Roux wrote:
Hi Infra Team and All,
I have a question I wonder for some time and recently discussed in our
OFBiz PMC ML.
Committers come and go. When a PMC member resign, because s/he clearly
wants to stop helping on the project and want to be completely
disconnect from it, her/his committer account remains active. I wonder
if this is not an useless security hole. Same for no longer active
committers. The difference with an active committer is s/he will never
know since s/he is possibly no longer monitoring things.
A credential can be abused by an external person, that can be the
beginning of much troubles we can not all imagine (hackers do)... With
security holes you never know, until it bites you, so I really wonder
why a committer account can not be terminated?
A committer account on its own can do very little in the way of harm.
It can (if you know which hoops to jump through) get shell access to
people.a.o and it can send e-mail from an @apache.org e-mail address.
people.a.o is locked down (and infra has additional monitoring in place)
so the risk here is sufficiently small infra is happy with it.
It terms of sending e-mail via an @apache.org e-mail address, if it is
abusive (i.e. spammy) then we do rely on folks reporting it to us.
The PMC is responsible for granting (and revoking) commit access. There
is nothing (of a technical nature - you'll have to answer to the board
and your community for the social aspects) stopping you removing
inactive committers from the appropriate LDAP group(s).
I'd add that the PMC is responsible for reviewing all the commits made
to the PMC's repositories. You are expected to spot if a long inactive
committer suddenly starts making changes or an account you don't
recognise makes changes. Likewise, active committers are expected to
spot changes in their name they did not make.
More generally, if infra has a security concern we shut stuff down
and/or lock accounts first and ask questions later. Any security
concerns should be reported immediately to [email protected]
Finally, infra periodically enforces password resets for all committers.
This has the helpful side-effect of effectively locking unused committer
accounts.
Mark
--
Ron Wheeler
President
Artifact Software Inc
email: [email protected]
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
