Re: Fwd: Minutes of meeting

From: Behdad Esfahbod <behdad behdad org>
To: Sankarshan Mukhopadhyay <sankarshan randomink org>
Cc: board-list gnome org, Vincent Untz <vuntz gnome org>, membership-committee gnome org
Subject: Re: Fwd: Minutes of meeting
Date: Mon, 26 Feb 2007 14:49:56 -0500

On Mon, 2007-02-26 at 20:31 +0530, Sankarshan Mukhopadhyay wrote:


On the @gnome.org addresses there's no chance of stuff going wrong,
but on any other domain there's a fair bit of risk that we might be
setup however, I'd rather trust the applicant than not :)


I understand your feeling, but there's some level of trust coming with
foundation membership and by trusting applicants, you are essentially
removing that.  It all comes down to the fact that foundation membership
is not a sensitive matter at all.  But just imagine what would happen if
we did the same in the accounts team...  And if you have problems
imagining that, note that malicious commits have been tried on the Linux
kernel numerous times.  And GNOME has some sensitive pieces of code,
like for example, the setuid gnome-pty-helper...  And that being a
foundation member brings some credit in when someone's applying for a
new account, though we require someone to vouch too, for sure.

I've described what the problem scenario is - so if there are ways and
means of solving it please feel free to suggest.


I totally understand your frustration, and that's IMO the main reason
that the accounts queue has been so long.  If I want to spend half an
hour on the accounts team work, I probably get just one or two tickets
moved a bit.  And that's indeed far from optimal.  But I don't think we
should compromise on our trust network.  If we wanted to do that, we
could just trust all applicants and create an account for them right
away.  Instead, what we do is to first ask someone we already trust to
vouch for their commit access, and reply to the requester and ask him to
reply again, to verify their email address, and use tokens in both of
these queries.  Only if we get back both responses with the correct
tokens we trust the requester and go on with creating an account.

The scheme above can be proved strong to some extent, still, this does
not rule social-engineering approaches out.  For example, a malicious
lurker on #gnome-hackers can masquerade as a valuable new contributor he
knows from the IRC, create a gmail account to that name, apply for an
account and I bet most of our vouchers don't check the email address of
the applicant at all...

Anyway, just wanted to point that these things are important even
without being pedantic.


My 0.02CAD

-- 
behdad
http://behdad.org/

"Those who would give up Essential Liberty to purchase a little
 Temporary Safety, deserve neither Liberty nor Safety."
        -- Benjamin Franklin, 1759

Follow-Ups:
- Re: Fwd: Minutes of meeting
  - From: Sankarshan Mukhopadhyay

References:
- Re: Fwd: Minutes of meeting
  - From: Vincent Untz
- Re: Fwd: Minutes of meeting
  - From: Sankarshan Mukhopadhyay

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]