We're not even talking about removing accounts. That is at ASF level. But
we're talking about revoking permissions.

Best regards,

Pierre Smits

*ORRTIZ.COM <http://www.orrtiz.com>*
Services & Solutions for Cloud-
Based Manufacturing, Professional
Services and Retail & Trade
http://www.orrtiz.com

On Thu, Mar 12, 2015 at 2:26 PM, Ron Wheeler <rwhee...@artifact-software.com> wrote:

> I thought that we were talking about removing accounts not erasing past
> contributors from all history of the project.
>
> Is there some great difficulty to adding a committer with the right privs?
> How much karma is encapsulated in the actual account?
>
> Getting rid of unused accounts seems to be a common recommendation for
> improving security.
>
> Having an up-to-date list of voters would probably help to clarify the
> results of votes for releases, etc.
> Turning 20% of the eligible voters into 80% by cleaning the enumeration
> list, makes it easier to explain why a release vote was accepted.
>
> Ron
>
> On 12/03/2015 9:15 AM, Jake Farrell wrote:
>
>> Hi Pierre,
>> Merit and karma are earned and should not be taken away. If we were to
>> remove karma for services and then someone came back, how would we track
>> what their previous permissions had been? This would leave no guarantee
>> that they would have the same permissions they had when they initially
>> stepped away, for whatever reason.
>>
>> -Jake
>>
>> On Thu, Mar 12, 2015 at 9:09 AM, Pierre Smits <pierre.sm...@gmail.com>
>> wrote:
>>
>>> I apparently only replied to Jacques. See that message below.
>>>
>>> Pierre Smits
>>>
>>> *ORRTIZ.COM <http://www.orrtiz.com>*
>>> Services & Solutions for Cloud-
>>> Based Manufacturing, Professional
>>> Services and Retail & Trade
>>> http://www.orrtiz.com
>>>
>>> ---------- Forwarded message ----------
>>> From: Pierre Smits <pierre.sm...@gmail.com>
>>> Date: Thu, Mar 12, 2015 at 1:15 PM
>>> Subject: Re: Why are committers accounts never terminated?
>>> To: Jacques Le Roux <jacques.le.r...@les7arts.com>
>>>
>>>
>>> When committers resign on their own accord (for whatever reason) their
>>> permissions for the tools of the project (JIRA, CONFLUENCE, SVN, etc)
>>> should be revoked. When they want to be active again, this can easily be
>>> facilitated.
>>>
>>> Best regards,
>>>
>>> Pierre Smits
>>>
>>> *ORRTIZ.COM <http://www.orrtiz.com>*
>>>
>>> Services & Solutions for Cloud-
>>> Based Manufacturing, Professional
>>> Services and Retail & Trade
>>> http://www.orrtiz.com
>>>
>>> On Thu, Mar 12, 2015 at 1:11 PM, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:
>>>
>>>> Thanks Mark,
>>>>
>>>> It's quite clear
>>>>
>>>> Jacques
>>>>
>>>> On 12/03/2015 11:59, Mark Thomas wrote:
>>>>
>>>>> On 12/03/2015 09:50, Jacques Le Roux wrote:
>>>>
>>>>>> Hi Infra Team and All,
>>>>>>
>>>>>> I have a question I have wondered about for some time and recently
>>>>>> discussed in our OFBiz PMC ML.
>>>>>>
>>>>>> Committers come and go. When a PMC member resigns, because s/he clearly
>>>>>> wants to stop helping on the project and wants to be completely
>>>>>> disconnected from it, her/his committer account remains active. I wonder
>>>>>> if this is not a useless security hole. Same for no longer active
>>>>>> committers. The difference with an active committer is that s/he will
>>>>>> never know, since s/he is possibly no longer monitoring things.
>>>>>>
>>>>>> A credential can be abused by an external person; that can be the
>>>>>> beginning of much trouble we cannot all imagine (hackers do)... With
>>>>>> security holes you never know until it bites you, so I really wonder
>>>>>> why a committer account cannot be terminated?
>>>>>>
>>>>> A committer account on its own can do very little in the way of harm.
>>>>>
>>>>> It can (if you know which hoops to jump through) get shell access to
>>>>> people.a.o and it can send e-mail from an @apache.org e-mail address.
>>>>>
>>>>> people.a.o is locked down (and infra has additional monitoring in
>>>>> place), so the risk here is sufficiently small that infra is happy with it.
>>>>>
>>>>> In terms of sending e-mail via an @apache.org e-mail address, if it is
>>>>> abusive (i.e. spammy) then we do rely on folks reporting it to us.
>>>>>
>>>>> The PMC is responsible for granting (and revoking) commit access. There
>>>>> is nothing (of a technical nature - you'll have to answer to the board
>>>>> and your community for the social aspects) stopping you removing
>>>>> inactive committers from the appropriate LDAP group(s).
>>>>>
>>>>> I'd add that the PMC is responsible for reviewing all the commits made
>>>>> to the PMC's repositories. You are expected to spot if a long inactive
>>>>> committer suddenly starts making changes or an account you don't
>>>>> recognise makes changes. Likewise, active committers are expected to
>>>>> spot changes in their name they did not make.
>>>>>
>>>>> More generally, if infra has a security concern we shut stuff down
>>>>> and/or lock accounts first and ask questions later. Any security
>>>>> concerns should be reported immediately to r...@apache.org
>>>>>
>>>>> Finally, infra periodically enforces password resets for all
>>>>> committers. This has the helpful side-effect of effectively locking
>>>>> unused committer accounts.
>>>>>
>>>>> Mark
>
> --
> Ron Wheeler
> President
> Artifact Software Inc
> email: rwhee...@artifact-software.com
> skype: ronaldmwheeler
> phone: 866-970-2435, ext 102
>
>
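Mark's point that the PMC is expected to notice when a long-inactive committer suddenly starts committing, or when an account it does not recognise shows up, is a review check that can be automated. The following is an added example, not code from this thread or from Apache infra: it walks a constructed `svn log`-style export against a constructed PMC roster (account, status, last date the PMC knew the person was active) and flags commits from unknown accounts, from accounts whose status is no longer active, and from roster accounts that had been dormant longer than a threshold. The roster format, the log format and the one-year threshold are all assumptions chosen for the example.

```python
"""
Added example (not from the thread): flag commits made by dormant, resigned or
unknown committer accounts, the review duty described for PMCs above.
The roster and log lines are constructed sample data.
"""
from datetime import datetime, timedelta

# Constructed roster: account -> (status, last date the PMC knew the person was active).
# "resigned" models a member whose LDAP group membership was never revoked.
ROSTER = {
    "alice": ("active", "2015-03-10"),
    "bob": ("active", "2015-02-20"),
    "carol": ("resigned", "2013-06-01"),
    "dave": ("active", "2012-01-15"),  # still on the roster, but dormant for years
}

# Constructed "svn log"-style export: revision|account|ISO date|message
SAMPLE_LOG = """\
r1001|alice|2015-03-11|Fix typo in README
r1002|carol|2015-03-11|Update build script
r1003|mallory|2015-03-12|Add helper
r1004|dave|2015-03-12|Refactor module
r1005|bob|2015-03-12|Bump version
"""

# Assumed review threshold: an account silent for more than a year counts as dormant.
DORMANCY_THRESHOLD = timedelta(days=365)


def parse_log(text):
    """Parse pipe-separated log lines into commit dicts, skipping blank lines."""
    commits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rev, account, date, message = line.split("|", 3)
        commits.append({
            "rev": rev,
            "account": account,
            "date": datetime.strptime(date, "%Y-%m-%d"),
            "message": message,
        })
    return commits


def review_commits(commits, roster, threshold=DORMANCY_THRESHOLD):
    """Return (revision, account, reason) triples a reviewer should look at.

    The roster is copied and each reviewed commit refreshes the account's
    last-active date, so a dormant account is flagged once when it wakes up,
    not on every subsequent commit in the same batch.
    """
    last_active = {acct: (status, datetime.strptime(d, "%Y-%m-%d"))
                   for acct, (status, d) in roster.items()}
    findings = []
    for c in sorted(commits, key=lambda x: x["date"]):
        entry = last_active.get(c["account"])
        if entry is None:
            findings.append((c["rev"], c["account"], "unknown account"))
            continue
        status, seen = entry
        if status != "active":
            findings.append((c["rev"], c["account"], f"account status is {status}"))
            continue
        gap = c["date"] - seen
        if gap > threshold:
            findings.append((c["rev"], c["account"], f"dormant for {gap.days} days"))
        last_active[c["account"]] = (status, c["date"])
    return findings


if __name__ == "__main__":
    for rev, account, reason in review_commits(parse_log(SAMPLE_LOG), ROSTER):
        print(f"{rev} by {account}: {reason}")
```

Running it on the sample data reports `r1002` (resigned account still committing), `r1003` (account not on the roster) and `r1004` (roster account silent for over three years); `alice` and `bob` pass. In practice the roster would be generated from the PMC's own membership records and the LDAP group Mark mentions, and the findings would feed a review rather than an automatic block, since a returning contributor is a legitimate outcome too.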
