On 2011-01-25 10:50:48 PM, Till Maas wrote:
> Did he really not have write access to the Fedora wiki or the different
> trac instances (wiki, ticket system) on fedorahosted? I am not sure how
> it is handled, but he also might have had push access to the comps repo
> on fedorahosted.
Sorry, these are omissions on our part.  All packagers have edit
access to the Fedora wiki, push access to comps on fedorahosted, and all
Fedora Accounts are able to login to fedorahosted trac instances (with
no special privileges by default).

We found no unverifed Fedora wiki edits or pushes to comps from the
account in question.

> Additionally it would be nice to investigate whether the account was
> used to access the test machine resources for package maintainers:
> https://fedoraproject.org/wiki/Test_Machine_Resources_For_Package_Maintainers
Good point.  We don't run those machines, and all packagers have sudo
there , so Fedora packagers should consider it unsafe to forward their
SSH agent or enter any sensitive information on those machines.  We'll
get in touch with Kevin about checking those machines though.


Attachment: pgpRWyk3BZ73c.pgp
Description: PGP signature

devel mailing list

Reply via email to