Re: RFC: Securing maintainer uploads to master.gnome.org

From: Ray Strode <halfline gmail com>
To: Alan Cox <alan lxorguk ukuu org uk>
Cc: desktop-devel-list gnome org
Subject: Re: RFC: Securing maintainer uploads to master.gnome.org
Date: Fri, 11 Nov 2011 11:33:55 -0500

Hi,

On Fri, Nov 11, 2011 at 3:22 AM, Alan Cox <alan lxorguk ukuu org uk> wrote:
> Locking stuff down means reducing the attack surface (eg getting rid of
> shell accounts) and who can write stuff to trusted repositories. It
> doesn't mean contorting the release process. You just need to have the
> signing policy right. Giving everyone read access isn't a big deal, its
> write access that causes the problem - either to modify repositories or
> to put up fake releases. The latter can to a fair extent be handled by
> enforcing the upload be of a signed file with an appropriate signature
> for the destination.

I understand the arguments for per module ACLs (be it for commits, or
releases).  I understand they close down an attack vector.

I just don't think it's necessary in practice.  These kinds of things
can be handled through social means just as they always have. (version
control has been open since the 90s without issue!)

If we really have to lock down the release, it should be something
handled at the very end of the process, where a random gnomie can do a
one off release as a favor or to get a bug fix/feature he has vested
interested in deployed and it sits in moderation until given a quick
rubber stamp. It would be much better to avoid that red tape, though.

--Ray

References:
- RFC: Securing maintainer uploads to master.gnome.org
  - From: Olav Vitters
- Re: RFC: Securing maintainer uploads to master.gnome.org
  - From: Ray Strode
- Re: RFC: Securing maintainer uploads to master.gnome.org
  - From: Alan Cox

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]