Access rights for extensions.gnome.org
- From: Owen Taylor <otaylor redhat com>
- To: gnome-infrastructure gnome org
- Cc: "Jasper St. Pierre" <jstpierre mecheye net>
- Subject: Access rights for extensions.gnome.org
- Date: Wed, 12 Oct 2011 13:02:57 -0400
So, I've been doing some work on setting up extensions.gnome.org, and
have come to the point of needing to figure out access rights.
extensions.gnome.org has a bit more security concerns than the average
gnome.org website, because if you have access to modify the extensions
web app or the downloads it serves, you can substitute extensions with
malicious versions.
Of course, injection of malicious code is also an issue with our git
repositories, but we at least have intermediate steps between commits
to git and final release where things can be caught.
So, I'd like to take some additional steps to lock down access:
- Put extensions.gnome.org on a separate VM (already created)
- Restrict login access and database access to GNOME sysadmins
and people actively involved in site maintenance.
- Maybe also lock down commits to the repository the same way
- Use manual push rather than automatically pushing commit.
My thought is that it probably makes most sense to create a new group,
called egoadmin which will be used for update-auth, sudo, and also
(if we decide to lock down git commits) for checking in a hook.
Anybody see any problems with creating such a group and adding it to
Mango? (Like gitadmin, it's possible that at some point, we'll want
to just drop and and say that e.g.o maintenance is just part of what
the sysadmins do, but for now it would be a pain to have to proxy
everything for Jasper St. Pierre who is actually working on the site.)
- Owen
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]