On Tue, Mar 10, 2009 at 3:21 AM, Pierre-Yves Rofes <p...@gentoo.org> wrote: > On Tue, March 10, 2009 7:07 am, Duncan wrote: >> Gordon Malm <gen...@gentoo.org> posted >> 200903091617.48682.gen...@gentoo.org, excerpted below, on Mon, 09 Mar >> 2009 16:17:48 -0700: >> >>> There is an important security aspect to retiring folks - commit >>> abilities. Perhaps in the case a dev wants to contribute but cannot in >>> the near future their commit privs can just be revoked until such time >>> they ask for them to be turned back on? I guess that would be an >>> 'extended devaway' ? >> > > [...] > >> We don't want some still active authorization and key >> from two years ago getting stolen and used to try to slip a bad commit >> under the radar [...] > > With some devs reviewing gentoo-commits@, I highly doubt that this commit > could go unnoticed more than a few hours.
really? cause I bet I could slip something in; now I'm motivated to try ;p > > -- > Pierre-Yves Rofes > Gentoo Linux Security Team > > > > >
