Re: Fedora Board Recap 2008-MAR-25

On Fri, 2008-03-28 at 16:22 -0400, Tom "spot" Callaway wrote:
> On Fri, 2008-03-28 at 16:11 -0400, Jon Stanley wrote:
> > On Fri, Mar 28, 2008 at 3:36 PM, John Poelstra <poelstra redhat com> wrote:
> > >  === Fedora Accounts ===
> > >   * What are the procedures for disabling questionable Fedora accounts?
> > >   * Continue discussion at next meeting
> > I guess another question that needs to be answered here is what
> > constitutes a "questionable account"?
> I can answer that:
> * An account for which the name is obviously fake, and the person
> refuses to provide a real name (has never happened).
> * An account for an ex-Red Hat employee who has not signed the CLA, and
> refuses to do so (has never happened, to my knowledge)
> Those are the only cases I know of right now.

There's really the larger case of what to do when you have an account
that is in violation of some kind.  Not social violation, as ostracizing
people on mailing lists is much more effective.  But if someone acts on
Fedora systems with malicious intent, or if someone _suspects_ that
someone else is doing that.  Who reports what to whom?  Who has the
authority to act?  Who is accountable if mistakes are made to fix etc.?

Another option is a compromised or suspected compromised account.  Who
do you report that to?

Would also be good if we spelled out what we expect people to do if they
feel their account is compromised or, e.g., a laptop gets stolen with
SSH keys and client-side certs.

All in the bucket of "Account Management and Policies".

- Karsten
Karsten Wade, Sr. Developer Community Mgr.
Dev Fu : http://developer.redhatmagazine.com
Fedora : http://quaid.fedorapeople.org
gpg key : AD0E0C41

