On Mon, Jul 26, 2004 at 09:21:47PM -0700, Bryce Harrington wrote:
> On Tue, 27 Jul 2004, Daniel Stone wrote:
> > I'm just saying that I feel a twang every time I add someone to fd.o (in
> > particular, the X projects, since they are so widely-deployed), and that
> > if we were to wholesale import 88 or 120 committers ... wow. That's a
> > big change, and 120 *more* potential attack vectors (even more than we
> > already have). If there is any way to lessen the pain by a logical
> > separation: coders can commit to the code components, translators can
> > commit to the translation components, that would absolutely make my day.
>
> Heya Daniel,
>
> Would this CVS access script be of any use in mitigating the issue?
>
> http://sourceforge.net/docman/display_doc.php?docid=772&group_id=1#scriptcvsacls

Not really, sadly; we don't run authenticated pserver for very good reason,
and all developers have shell access, so they could completely bypass
it, which doesn't solve the problem of one of 120 compromised accounts
leading to a hole in the X code (or D-BUS, or whatever).

At this stage, I'm thinking an overlay module would be the best
solution. Can any of the translators (or developers, or anyone) comment
on whether I'm just really stupid or if this is actually a good idea?

:)
d

--
Daniel Stone <daniel freedesktop org>
freedesktop.org: powering your desktop
http://www.freedesktop.org