incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Seeking Bugzilla Admin Volunteers
Date Mon, 16 Jan 2012 20:39:45 GMT
On Sun, Jan 15, 2012 at 4:49 AM, Andrea Pescetti <pescetti@apache.org> wrote:
> Rob Weir wrote:
>>
>> Did you read anyone say that current privileges are going to be
>> dropped?  I certainly did not say that.
>
>
> No, but that was a doubt I had: in the process of granting new privileges,
> it might be that someone notices that a lot of people already have high
> privileges, and that this group includes people currently unaffiliated with
> the project. I was just making sure that current privileges are not dropped
> now: this will still be an issue, but it can be dealt with separately.
>

That is something we need to deal with, eventually.  Having escalated
privileges associated with people no longer involved with the project
is bad for security. (Wasn't the vector of the last hack of the Apache
website via a XSS attack of bug tracking admin accounts?)

Remember, we can always add permissions back for someone if they did
not see and respond to this note.

Another option is to generate a report of all ID's with elevated
privileges and have that sent to ooo-private where we can decide next
steps.

-Rob

> Regards,
>  Andrea.

Mime
View raw message