List Archive: gentoo-dev
On Tue, March 10, 2009 7:07 am, Duncan wrote:
> Gordon Malm <gengor@g.o> posted
> 200903091617.48682.gengor@g.o, excerpted below, on Mon, 09 Mar
> 2009 16:17:48 -0700:
>
>> There is an important security aspect to retiring folks - commit
>> abilities. Perhaps in the case a dev wants to contribute but cannot in
>> the near future their commit privs can just be revoked until such time
>> they ask for them to be turned back on? I guess that would be an
>> 'extended devaway' ?
>
[...]
> We don't want some still active authorization and key
> from two years ago getting stolen and used to try to slip a bad commit
> under the radar [...]
With some devs reviewing gentoo-commits@, I highly doubt that this commit
could go unnoticed more than a few hours.
--
Pierre-Yves Rofes
Gentoo Linux Security Team
|
|
