You're *still* understating the extent of the ceremony. They had to go through everything a subsequently-invited committer had to do, even though Sam Ruby provided the initial instructions. But thanks for mentioning the iCLA. That is a useful object to have on file in tracking down a possible credentials exploit.
I agree that there are those who never showed up after being established. Rob apparently knows who they are. I assume that any commits from those (maybe even logons anywhere) will raise vigilant eyebrows. For double measure, Andrea should have the list, posted on private@ too and maybe filed in the PMC-private area. That should establish adequate oversight.

There are also a few committers who have announced their resignation and not since rescinded it. Put those on that "watch list" also.

I don't know what is to be done if any of those have used @openoffice.org e-mail addresses in their iCLA and as their @a.o forwarding address. I suppose those are the best to attempt impersonating. The first act would be accessing the profile of a user -- thus confirming the credential -- and changing the forwarding address. Then opting-in should be relatively easy, especially if the original @a.o-holder is not watching any lists here. Having done that, a malefactor can proceed to establish a PGP signature verified for the @a.o too.

So, to lock this door, it is *really* necessary to lock down those committer profiles and remove their authz everywhere. To be reinstated, it is probably necessary to convince the Secretary of the ASF that the request is authentic.

 - Dennis

-----Original Message-----
From: Rob Weir [mailto:robw...@apache.org]
Sent: Thursday, April 04, 2013 12:54
To: dev@openoffice.apache.org
Subject: Re: Proposal: Improve security by limiting committer access in SVN

[ ... ]

But with OpenOffice, there was a two week period of time when we rapidly bootstrapped the community by making people committers automatically, on day 1. All they had to do is put their name on a wiki page and return an ICLA and they were committers. No vetting, no vote. Quite a few of them never got involved in the project in even the least degree. So we have these phantom community members, with authorization to change the source code.

Regards,

-Rob

[ ... 
]
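The "watch list" idea in Dennis's message (committers who never showed up after being granted access, plus those who announced resignation) and Rob's description of the day-1 phantom committers amount to a simple detection rule: any commit by such an account should stand out. The following is an added example, not code from the thread or from the OpenOffice/ASF project. It assumes a hand-maintained roster (hypothetical account names alice, bob, carol, dave) and constructed plain `svn log` output; it builds the watch list from the baseline history and then flags later commits by watch-listed accounts.

```python
"""Flag SVN commits by dormant or resigned committers (added example, not from the thread)."""
import re
from dataclasses import dataclass

# Header line of plain "svn log" output, e.g.
# r1463 | alice | 2013-04-04 12:54:00 +0000 (Thu, 04 Apr 2013) | 1 line
LOG_HEADER = re.compile(r"^r(?P<rev>\d+) \| (?P<author>[^|]+?) \| (?P<stamp>\S+ \S+)")


@dataclass(frozen=True)
class Commit:
    rev: int
    author: str
    stamp: str


def parse_svn_log(text):
    """Return the Commit entries found in plain svn log output; message and separator lines are ignored."""
    commits = []
    for line in text.splitlines():
        m = LOG_HEADER.match(line)
        if m:
            commits.append(Commit(int(m["rev"]), m["author"].strip(), m["stamp"]))
    return commits


def build_watch_list(roster, baseline):
    """Map account -> reason for every committer who never committed in the baseline history,
    or who announced resignation (roster value True)."""
    active = {c.author for c in baseline}
    watch = {}
    for account, resigned in roster.items():
        if resigned:
            watch[account] = "resigned"
        elif account not in active:
            watch[account] = "never committed"
    return watch


def flag_commits(watch, new_commits):
    """Return (commit, reason) pairs for every new commit whose author is on the watch list."""
    return [(c, watch[c.author]) for c in new_commits if c.author in watch]


# Constructed roster (hypothetical accounts): True means the holder announced resignation.
ROSTER = {"alice": False, "bob": False, "carol": True, "dave": False}

# Constructed baseline history: bob was added as a committer but never committed.
BASELINE_LOG = """------------------------------------------------------------------------
r1001 | alice | 2013-03-01 09:00:00 +0000 (Fri, 01 Mar 2013) | 1 line

Fix build on Linux
------------------------------------------------------------------------
r1002 | carol | 2013-03-02 10:30:00 +0000 (Sat, 02 Mar 2013) | 1 line

Update translations
------------------------------------------------------------------------
r1003 | dave | 2013-03-03 11:00:00 +0000 (Sun, 03 Mar 2013) | 1 line

Bump version
------------------------------------------------------------------------
r1004 | alice | 2013-03-04 12:00:00 +0000 (Mon, 04 Mar 2013) | 1 line

Cleanup
------------------------------------------------------------------------
"""

# Constructed new activity: commits from a phantom account and a resigned account appear here.
NEW_LOG = """------------------------------------------------------------------------
r1005 | alice | 2013-04-01 08:00:00 +0000 (Mon, 01 Apr 2013) | 1 line

Regular work
------------------------------------------------------------------------
r1006 | bob | 2013-04-02 03:15:00 +0000 (Tue, 02 Apr 2013) | 1 line

Minor tweak
------------------------------------------------------------------------
r1007 | carol | 2013-04-03 04:20:00 +0000 (Wed, 03 Apr 2013) | 1 line

Update installer script
------------------------------------------------------------------------
r1008 | dave | 2013-04-04 09:00:00 +0000 (Thu, 04 Apr 2013) | 1 line

More regular work
------------------------------------------------------------------------
"""

if __name__ == "__main__":
    watch = build_watch_list(ROSTER, parse_svn_log(BASELINE_LOG))
    for commit, reason in flag_commits(watch, parse_svn_log(NEW_LOG)):
        print(f"REVIEW r{commit.rev} by {commit.author} ({reason}) at {commit.stamp}")
```

The roster is the list Dennis suggests keeping on private@ and in the PMC-private area; in practice the baseline would be the full repository history and the new log the commits since the last run, so a flag here is a prompt to confirm the commit with the account holder out of band rather than a verdict on its own.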