ACL removal day?!
Steve Grubb
sgrubb at redhat.com
Tue Jun 19 17:24:30 UTC 2007
On Tuesday 19 June 2007 13:10:10 Rahul Sundaram wrote:
> > ... then they are able to remove them, and we can discuss changing the
> > defaults/adding something to the CVS request form/whatever. I'm not
> > seeing the problem here?
>
> The need for ACLs by default that restrict the package to only the
> package maintainers is not clear

This needs to be clear. It's for security. If you take all ACLs off the
packages and an account becomes compromised, the attacker can get to
everything.

Please keep the ACLs by default so that there is not a window where a package
is left unguarded if it needed to be.

-Steve
More information about the Fedora-maintainers
mailing list