ofbiz-dev mailing list archives

From Ron Wheeler <rwhee...@artifact-software.com>
Subject Re: Why are committers accounts never terminated?
Date Thu, 12 Mar 2015 13:26:31 GMT
I thought that we were talking about removing accounts not erasing past 
contributors from all history of the project.

Is there some great difficulty in adding a committer with the right privs?
How much karma is encapsulated in the actual account?

Getting rid of unused accounts seems to be a common recommendation for 
improving security.

Having an up-to-date list of voters would probably help to clarify the 
results of votes for releases, etc.
Turning 20% of the eligible voters into 80% by cleaning the enumeration 
list makes it easier to explain why a release vote was accepted.

Ron

On 12/03/2015 9:15 AM, Jake Farrell wrote:
> Hi Pierre
> merit and karma are earned and should not be taken away. If we were to
> remove karma for services and then someone came back, how would we track
> what their previous permissions had been? This would leave no guarantee
> that they would have the same permissions they had when they initially
> stepped away for whatever reason.
>
> -Jake
>
> On Thu, Mar 12, 2015 at 9:09 AM, Pierre Smits <pierre.smits@gmail.com>
> wrote:
>
>> I apparently only replied to Jaques. See that message below.
>>
>>
>> Pierre Smits
>>
>> *ORRTIZ.COM <http://www.orrtiz.com>*
>> Services & Solutions for Cloud-
>> Based Manufacturing, Professional
>> Services and Retail & Trade
>> http://www.orrtiz.com
>>
>> ---------- Forwarded message ----------
>> From: Pierre Smits <pierre.smits@gmail.com>
>> Date: Thu, Mar 12, 2015 at 1:15 PM
>> Subject: Re: Why are committers accounts never terminated?
>> To: Jacques Le Roux <jacques.le.roux@les7arts.com>
>>
>>
>> When committers resign on their own accord (for whatever reason) their
>> permissions for the tools of the project (JIRA, CONFLUENCE, SVN, etc)
>> should be revoked. When they want to be active again, this can easily be
>> facilitated.
>>
>> Best regards,
>>
>> Pierre Smits
>>
>> *ORRTIZ.COM <http://www.orrtiz.com>*
>> Services & Solutions for Cloud-
>> Based Manufacturing, Professional
>> Services and Retail & Trade
>> http://www.orrtiz.com
>>
>> On Thu, Mar 12, 2015 at 1:11 PM, Jacques Le Roux <
>> jacques.le.roux@les7arts.com> wrote:
>>
>>> Thanks Mark,
>>>
>>> It's quite clear
>>>
>>> Jacques
>>>
>>> On 12/03/2015 11:59, Mark Thomas wrote:
>>>
>>>> On 12/03/2015 09:50, Jacques Le Roux wrote:
>>>>> Hi Infra Team and All,
>>>>>
>>>>> I have a question I wonder for some time and recently discussed in our
>>>>> OFBiz PMC ML.
>>>>>
>>>>> Committers come and go. When a PMC member resigns, because s/he clearly
>>>>> wants to stop helping on the project and wants to be completely
>>>>> disconnected from it, her/his committer account remains active. I wonder
>>>>> if this is not a useless security hole. Same for no longer active
>>>>> committers. The difference with an active committer is s/he will never
>>>>> know, since s/he is possibly no longer monitoring things.
>>>>>
>>>>> A credential can be abused by an external person, which can be the
>>>>> beginning of many troubles we cannot all imagine (hackers do)... With
>>>>> security holes you never know, until it bites you, so I really wonder
>>>>> why a committer account cannot be terminated?
>>>>>
>>>> A committer account on its own can do very little in the way of harm.
>>>>
>>>> It can (if you know which hoops to jump through) get shell access to
>>>> people.a.o and it can send e-mail from an @apache.org e-mail address.
>>>>
>>>> people.a.o is locked down (and infra has additional monitoring in place)
>>>> so the risk here is sufficiently small infra is happy with it.
>>>>
>>>> In terms of sending e-mail via an @apache.org e-mail address, if it is
>>>> abusive (i.e. spammy) then we do rely on folks reporting it to us.
>>>>
>>>> The PMC is responsible for granting (and revoking) commit access. There
>>>> is nothing (of a technical nature - you'll have to answer to the board
>>>> and your community for the social aspects) stopping you removing
>>>> inactive committers from the appropriate LDAP group(s).
>>>>
>>>> I'd add that the PMC is responsible for reviewing all the commits made
>>>> to the PMC's repositories. You are expected to spot if a long inactive
>>>> committer suddenly starts making changes or an account you don't
>>>> recognise makes changes. Likewise, active committers are expected to
>>>> spot changes in their name they did not make.
>>>>
>>>> More generally, if infra has a security concern we shut stuff down
>>>> and/or lock accounts first and ask questions later. Any security
>>>> concerns should be reported immediately to root@apache.org
>>>>
>>>> Finally, infra periodically enforces password resets for all committers.
>>>> This has the helpful side-effect of effectively locking unused committer
>>>> accounts.
>>>>
>>>> Mark
>>>>
>>>>
>>>>
>>


-- 
Ron Wheeler
President
Artifact Software Inc
email: rwheeler@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
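Mark's point that the PMC is expected to notice when a long-inactive committer suddenly commits, or when an unrecognised account does, and Ron's point about cleaning out unused accounts, both come down to one periodic check over the commit log. The script below is an added example, not OFBiz or ASF Infra code: it takes a constructed committer roster (standing in for the project's LDAP commit group), a constructed log in a simplified `rev | author | YYYY-MM-DD` form (a real `svn log` or `git log` would need its own parser), and reports commits from accounts not in the roster, accounts that return after a long silence, and roster members with no commits for a year. The thresholds and all names are assumptions.

```python
"""Audit a commit log for accounts that should have been revoked or reviewed.

Added example for the discussion above; not OFBiz or ASF Infra code. The
roster, the log format, the thresholds and the sample commits are constructed.
"""
from datetime import date

# Constructed: who is in the project's commit group today (assumed roster).
ACTIVE_COMMITTERS = {"alice", "bob", "carol", "dave"}

# Constructed sample log in a simplified "rev | author | YYYY-MM-DD" form.
SAMPLE_LOG = """\
r1601 | alice   | 2015-01-05
r1602 | bob     | 2015-01-06
r1603 | dave    | 2014-03-01
r1604 | alice   | 2015-03-10
r1605 | dave    | 2015-03-11
r1606 | mallory | 2015-03-12
"""

DORMANT_DAYS = 180  # assumed: a gap this long before a commit warrants review
IDLE_DAYS = 365     # assumed: roster member silent this long is a cleanup candidate


def parse_log(text):
    """Return a list of (rev, author, date) sorted by date, then revision."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rev, author, day = [field.strip() for field in line.split("|")]
        entries.append((rev, author, date.fromisoformat(day)))
    entries.sort(key=lambda e: (e[2], e[0]))
    return entries


def audit(text, roster, as_of, dormant_days=DORMANT_DAYS, idle_days=IDLE_DAYS):
    """Flag unknown authors, returns from dormancy, and idle roster accounts.

    as_of is an ISO date string marking "today" for the idle-account check.
    """
    today = date.fromisoformat(as_of)
    entries = parse_log(text)
    unknown = []      # (rev, author): author not in the roster at all
    reactivated = []  # (rev, author, gap_days): commit after a long silence
    last_seen = {}    # author -> date of most recent commit seen so far

    for rev, author, day in entries:
        if author not in roster:
            unknown.append((rev, author))
        prev = last_seen.get(author)
        if prev is not None and (day - prev).days > dormant_days:
            reactivated.append((rev, author, (day - prev).days))
        last_seen[author] = day

    # Roster members who never committed, or not within idle_days of today.
    idle = sorted(
        member for member in roster
        if member not in last_seen or (today - last_seen[member]).days > idle_days
    )
    return {"unknown": unknown, "reactivated": reactivated, "idle": idle}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG, ACTIVE_COMMITTERS, as_of="2015-03-12")
    for kind, items in report.items():
        print(kind)
        for item in items:
            print("   ", item)
```

On the constructed sample, `mallory` is flagged as unknown (no roster entry), `dave`'s r1605 is flagged as a reactivation after 375 days, and `carol` shows up as an idle roster account to raise with the PMC. Anything in `unknown` or `reactivated` is what Mark suggests reporting to root@apache.org if the PMC cannot account for it; `idle` is the cleanup list Ron is arguing for.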

