ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Konstantin Boudnik <...@apache.org>
Subject Re: committer rights for readme.io
Date Tue, 02 Jun 2015 11:09:13 GMT
On Tue, Jun 02, 2015 at 11:59AM, Branko ─îibej wrote:
> On 01.06.2015 20:55, Dmitriy Setrakyan wrote:
> > Hi,
> >
> > We need to setup readme.io to automatically commit to our GIT repo when
> > documentation is changed. Do we have a GIT user we could reuse for this
> > purpose or should we setup a new user through INFRA?
> 
> Definitely a new user with very specific access rights. But have you
> considered the security aspects involved here? Who controls the
> credentials for this user? How do you guarantee that someone who hacks
> readme.io won't suddenly have commit access to ASF repositories?
> 
> IMO, it's better to create a separate repository for the readme.io user
> to commit to (doesn't even have to be hosted by the ASF), then someone
> from this community can carefully review each change and merge it into
> the ASF master repo.

Very strong +1 on _not_ having an account in ASF git for a non-committer
entity: it potentially might have a number of funny implications, legal and
otherwise.

Can we have a github fork that will be sending PRs for documentation changes?
This will clearly satisfy what Brane has suggested about the reviews, etc.

Cos

Mime
View raw message