community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leif Hedstrom <zw...@apache.org>
Subject Re: Why are committers accounts never terminated?
Date Thu, 12 Mar 2015 14:16:00 GMT
I'm with Pierre on this one. The ATS PMC has, as an example, several members and committers
  who no longer read or reply to emails. We honestly have no idea if they are even in control
of their  accounts.

Cheers,

-- Leif 



> On Mar 12, 2015, at 7:21 AM, Pierre Smits <pierre.smits@gmail.com> wrote:
> 
> Hi Jake,
> 
> I am not talking about removing merit and karma. Such is persisted in many
> ways, think web pages, wiki pages, etc. I am talking about revoking
> permissions at tools levels. That doesn't mean deleting committers
> identities within the ASF.
> 
> Ensuring that committers get the same permissions back (or not) is up to
> the PMC of a project to decide.
> 
> Best regards,
> 
> Pierre Smits
> 
> *ORRTIZ.COM <http://www.orrtiz.com>*
> Services & Solutions for Cloud-
> Based Manufacturing, Professional
> Services and Retail & Trade
> http://www.orrtiz.com
> 
>> On Thu, Mar 12, 2015 at 2:15 PM, Jake Farrell <jfarrell@apache.org> wrote:
>> 
>> Hi Pierre
>> merit and karma are earned and should not be taken away. If we where to
>> remove karma for services and then someone came back how would we track
>> what their previous permissions had been, this would leave no guarantee
>> that they would have the same permissions they had when they initially
>> stepped away for whatever reason.
>> 
>> -Jake
>> 
>> On Thu, Mar 12, 2015 at 9:09 AM, Pierre Smits <pierre.smits@gmail.com>
>> wrote:
>> 
>>> I apparently only replied to Jaques. See that message below.
>>> 
>>> 
>>> Pierre Smits
>>> 
>>> *ORRTIZ.COM <http://www.orrtiz.com>*
>>> Services & Solutions for Cloud-
>>> Based Manufacturing, Professional
>>> Services and Retail & Trade
>>> http://www.orrtiz.com
>>> 
>>> ---------- Forwarded message ----------
>>> From: Pierre Smits <pierre.smits@gmail.com>
>>> Date: Thu, Mar 12, 2015 at 1:15 PM
>>> Subject: Re: Why are committers accounts never terminated?
>>> To: Jacques Le Roux <jacques.le.roux@les7arts.com>
>>> 
>>> 
>>> When committers resign on their own accord (for whatever reason) their
>>> permissions for the tools of the project (JIRA, CONFLUENCE, SVN, etc)
>>> should be revoked. When they want to be active again, this can easily be
>>> facilitated.
>>> 
>>> Best regards,
>>> 
>>> Pierre Smits
>>> 
>>> *ORRTIZ.COM <http://www.orrtiz.com>*
>>> Services & Solutions for Cloud-
>>> Based Manufacturing, Professional
>>> Services and Retail & Trade
>>> http://www.orrtiz.com
>>> 
>>> On Thu, Mar 12, 2015 at 1:11 PM, Jacques Le Roux <
>>> jacques.le.roux@les7arts.com> wrote:
>>> 
>>>> Thanks Mark,
>>>> 
>>>> It's quite clear
>>>> 
>>>> Jacques
>>>> 
>>>> Le 12/03/2015 11:59, Mark Thomas a écrit :
>>>> 
>>>> On 12/03/2015 09:50, Jacques Le Roux wrote:
>>>>> 
>>>>>> Hi Infra Team and All,
>>>>>> 
>>>>>> I have a question I wonder for some time and recently discussed in
our
>>>>>> OFBiz PMC ML.
>>>>>> 
>>>>>> Committers come and go. When a PMC member resign, because s/he clearly
>>>>>> wants to stop helping on the project and want to be completely
>>>>>> disconnect from it, her/his committer account remains active. I wonder
>>>>>> if this is not an useless security hole. Same for no longer active
>>>>>> committers. The difference with an active committer is s/he will
never
>>>>>> know since s/he is possibly no longer monitoring things.
>>>>>> 
>>>>>> A credential can be abused by an external person, that can be the
>>>>>> beginning of much troubles we can not all imagine (hackers do)...
With
>>>>>> security holes you never know, until it bites you, so I really wonder
>>>>>> why a committer account can not be terminated?
>>>>> A committer account on its own can do very little in the way of harm.
>>>>> 
>>>>> It can (if you know which hoops to jump through) get shell access to
>>>>> people.a.o and it can send e-mail from an @apache.org e-mail address.
>>>>> 
>>>>> people.a.o is locked down (and infra has additional monitoring in place)
>>>>> so the risk here is sufficiently small infra is happy with it.
>>>>> 
>>>>> It terms of sending e-mail via an @apache.org e-mail address, if it is
>>>>> abusive (i.e. spammy) then we do rely on folks reporting it to us.
>>>>> 
>>>>> The PMC is responsible for granting (and revoking) commit access. There
>>>>> is nothing (of a technical nature - you'll have to answer to the board
>>>>> and your community for the social aspects) stopping you removing
>>>>> inactive committers from the appropriate LDAP group(s).
>>>>> 
>>>>> I'd add that the PMC is responsible for reviewing all the commits made
>>>>> to the PMC's repositories. You are expected to spot if a long inactive
>>>>> committer suddenly starts making changes or an account you don't
>>>>> recognise makes changes. Likewise, active committers are expected to
>>>>> spot changes in their name they did not make.
>>>>> 
>>>>> More generally, if infra has a security concern we shut stuff down
>>>>> and/or lock accounts first and ask questions later. Any security
>>>>> concerns should be reported immediately to root@apache.org
>>>>> 
>>>>> Finally, infra periodically enforces password resets for all committers.
>>>>> This has the helpful side-effect of effectively locking unused committer
>>>>> accounts.
>>>>> 
>>>>> Mark
>> 

Mime
View raw message