ACL removal day?!

Steve Grubb sgrubb at redhat.com
Tue Jun 19 17:24:30 UTC 2007


On Tuesday 19 June 2007 13:10:10 Rahul Sundaram wrote:
> > ... then they are able to remove them, and we can discuss changing the
> > defaults/adding something to the CVS request form/whatever. I'm not
> > seeing the problem here?
>
> The need for ACL's by default that restrict the package to only the
> package maintainers is not clear

This needs to be clear. Its for security. If you take all ACLs off the 
packages and an account becomes compromised, the attacker can get to 
everything. 

Please keep the ACLs by default so that there is not a window where a package 
is left unguarded if it needed to be.

-Steve




More information about the Fedora-maintainers mailing list