On Tue, Jun 02, 2015 at 11:59AM, Branko Čibej wrote: > On 01.06.2015 20:55, Dmitriy Setrakyan wrote: > > Hi, > > > > We need to setup readme.io to automatically commit to our GIT repo when > > documentation is changed. Do we have a GIT user we could reuse for this > > purpose or should we setup a new user through INFRA? > > Definitely a new user with very specific access rights. But have you > considered the security aspects involved here? Who controls the > credentials for this user? How do you guarantee that someone who hacks > readme.io won't suddenly have commit access to ASF repositories? > > IMO, it's better to create a separate repository for the readme.io user > to commit to (doesn't even have to be hosted by the ASF), then someone > from this community can carefully review each change and merge it into > the ASF master repo.
Very strong +1 on _not_ having an account in ASF git for a non-committer entity: it potentially might have a number of funny implications, legal and otherwise. Can we have a github fork that will be sending PRs for documentation changes? This will clearly satisfy what Brane has suggested about the reviews, etc. Cos
signature.asc
Description: Digital signature
