Return-Path: Delivered-To: apmail-infrastructure-dev-archive@minotaur.apache.org Received: (qmail 8498 invoked from network); 26 May 2009 17:26:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 26 May 2009 17:26:41 -0000 Received: (qmail 60500 invoked by uid 500); 26 May 2009 17:26:54 -0000 Delivered-To: apmail-infrastructure-dev-archive@apache.org Received: (qmail 60369 invoked by uid 500); 26 May 2009 17:26:54 -0000 Mailing-List: contact infrastructure-dev-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: infrastructure-dev@apache.org Delivered-To: mailing list infrastructure-dev@apache.org Received: (qmail 60345 invoked by uid 99); 26 May 2009 17:26:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 May 2009 17:26:53 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=10.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [209.20.70.15] (HELO alice.pc-tony.com) (209.20.70.15) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 26 May 2009 17:26:42 +0000 Received: (qmail 19149 invoked by uid 507); 26 May 2009 17:26:21 -0000 Received: from unknown (HELO ?172.16.45.10?) (tony@pc-tony.com@88.96.12.158) by alice.pc-tony.com with ESMTPA; 26 May 2009 17:26:20 -0000 Message-Id: From: Tony Stevenson To: infrastructure-dev@apache.org In-Reply-To: <510143ac0905260842q5f27f4cdk544afdf6d8d47267@mail.gmail.com> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v935.3) Subject: Re: LDAP - Next Steps Date: Tue, 26 May 2009 18:26:19 +0100 References: <67DA8A55-4815-47E9-B2A0-0A819E7848B4@pc-tony.com> <510143ac0905260842q5f27f4cdk544afdf6d8d47267@mail.gmail.com> X-Mailer: Apple Mail (2.935.3) X-Virus-Checked: Checked by ClamAV on apache.org Jukka, We will be deploying a web app that will enable PMC chairs to edit group memberships. Option 3 will not allow you to add/remove groups etc. Hence my hesitation to make it a firm 3rd option. On 26 May 2009, at 16:42, Jukka Zitting wrote: > Hi, > > On Tue, May 26, 2009 at 5:29 PM, Tony Stevenson > wrote: >> As you know, at the moment the SVN Authz file is in Subversion, >> when we move >> groups into LDAP, this will no longer be the case. > > When this happens, how will PMC chairs be updating the authorization > settings? > > This is what worries me especially with the proposed option 3: > >> [...] it would require someone with root privileges on eris/ >> harmonia to be >> able to add new location tags, and add new groups to an existing one. > > I definitely don't want root on eris/harmonia, but I'd still like to > be able to set up access controls for new incubating projects, etc. > > BR, > > Jukka Zitting Cheers, Tony -------------------------------------------- Tony Stevenson tony@pc-tony.com - pctony@apache.org pctony@freenode.net - tony@caret.cam.ac.uk http://blog.pc-tony.com 1024D/51047D66 ECAF DC55 C608 5E82 0B5E 3359 C9C7 924E 5104 7D66 --------------------------------------------