[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [RFE] Auto-approve watchcommits and watchbugzilla in Pkgdb



Tom Lane wrote:
> Peter Lemenkov <lemenkov gmail com> writes:
>> Why we should approve manually requests to watching bugzilla and
>> cvs changes for packages? I'm sure we need to change policy in
>> order to automatically approve all such requests.
>
> Isn't there a security issue there?  I'm not sure I want any random
> person watching every bz or commit I make.

I _think_ watchbugzilla could have security risks, as anyone with that
privilege would see potentially security-sensitive bugs.

I'm not sure I see what issue there would be with watchcommits.
Anyone random person can watch every commit you make right now, they
just have to subscribe to fedora-extras-commits and filter things on
your name.  Generally, I think more people watching every one else's
commits makes for better security.

Of course, I could be missing something that watchcommits grants which
could be a real security risk.  And I'm happy to be enlightened in
that case.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ever notice that even the busiest people are never too busy to tell
you just how busy they are?

Attachment: pgpUBhfGlHM6T.pgp
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]