FESco meeting summary for 20090507

Toshio Kuratomi a.badger at gmail.com
Sat May 9 19:10:35 UTC 2009


Jon Stanley wrote:
> == Allow all packagers to commit to specific packages ==
> 
> This was briefly discussed, will be brought up for a vote next week.
> FESCo is generally fine with the idea, however, some security measures
> will need to be put in place prior to actual implementation
> 
I updated the ticket with notes from teh meeting:
  https://fedorahosted.org/fesco/ticket/108#comment:9

One thing that was mentioned was the lack of fs acls at the moment.
After looking at what we have now, I'm not sure that fs acls fix
anything that's not also broken currently.

Currently:

* the cvs repository has no fs acls
* unix group for all directories is set to packager with a sticky group bit.
* the cvs acl script limits who can actually commit to packages to
@provenpackager and the specific people involved.

Implementation-wise, the proposal would allow the cvs acl script to have
@packager as another allowed group so people who are just in the
packager group can commit to a specific package.

I can see fs acls being used to lock down our repo against bugs in the
cvs acl script or being used to replace the cvs acl script.  But that
seems to be somewhat separate from the proposal.  I don't think it would
solve anything specific to the proposal but could make things more
secure for both the current and proposed method.

notting, do you see something that I don't?

-Toshio

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20090509/031b54bb/attachment.sig>


More information about the fedora-devel-list mailing list