Re: [fdo] Re: On translation regressions due to dependencies

On Mon, Jul 26, 2004 at 09:21:47PM -0700, Bryce Harrington wrote:
> On Tue, 27 Jul 2004, Daniel Stone wrote:
> > I'm just saying that I feel a twang every time I add someone to fd.o (in
> > particular, the X projects, since they are so widely-deployed), and that
> > if we were to wholesale import 88 or 120 committers ... wow. That's a
> > big change, and 120 *more* potential attack vectors (even more than we
> > already have). If there is any way to lessen the pain by a logical
> > separation: coders can commit to the code components, translators can
> > commit to the translation components, that would absolutely make my day.
> Heya Daniel,
> Would this CVS access script be of any use in mitigating the issue?

Not really, sadly; we don't run authenticated pserver for very good
reason, and all developers have shell access, so they could completely
bypass it, which doesn't solve the problem of one of 120 compromised
accounts leading to a hole in the X code (or D-BUS, or whatever).

At this stage, I'm thinking an overlay module would be the best
solution. Can any of the translators (or developers, or anyone) comment
on whether I'm just really stupid or if this is actually a good idea?

:) d

Daniel Stone                                            <daniel freedesktop org> powering your desktop      

Attachment: signature.asc
Description: Digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]