On 07/06/17 22:01, Navina Ramesh wrote:
>> Given that admin privs are handed out to PMCs along with explicit
> instructions not to change the permissions for the anonymous user, I'd
> like to understand what went wrong in this case (with a view to ensuring
> it doesn't happen again) before re-enabling admin permissions.
>
> Agreed. Afaik, there are only 2 "active" PMCs in our project and I don't
> believe either of us gave permissions for anonymous user.
>
>> There were also a bunch of people who are neither PMC members nor
> committers who had admin privs on your space. I'd very much prefer to
> see admin privs limited to active PMC members and committers moving
> forwards.
>
> Yes. This was a mistake on our part as we should have been cautious on
> the permissions we provide for contributors. Going forward, we want to
> correct these permissions grants. We just want to make sure there is an
> avenue for us to request permissions.

Thanks for the background. What are the wiki usernames of the active PMC
members who will be managing permissions going forwards?

Mark

>
> Thanks!
>
> On Wed, Jun 7, 2017 at 12:47 PM, Mark Thomas <ma...@apache.org> wrote:
>
> On 07/06/17 18:04, Jagadish Venkatraman wrote:
> > Hi Mark,
> >
> > Thanks for bringing this to our notice.
> >
> >>> This is because someone, going against ASF infrastructure policy,
> > altered the permissions for the anonymous user allowing them write
> > permissions
> >
> > Do we know when this occurred? I presume this was a lapse.
>
> It looks as if it was around the beginning of last month based on the
> dates of the pages I removed.
>
> >
> >>> A samza-dev user has been created and configured to watch the
> > Samza wiki space for changes
> >
> > Sounds great! Does that mean that notifications for changes in the Samza
> > wiki space will now be sent to this mailing list?
>
> This wasn't working. It looks like those notifications will need to go
> to the commits list. I'll get that changed shortly and see if that fixes
> the problem.
>
> >>> All users currently assigned permissions on the Samza wiki have had all
> > their permissions revoked except for viewing.
> >
> > We will re-assess all permissions, and set them up again. I'm assuming
> > PMCs will still be able to do this?
>
> Not at the moment. PMC members currently have read access only.
>
> Given that admin privs are handed out to PMCs along with explicit
> instructions not to change the permissions for the anonymous user, I'd
> like to understand what went wrong in this case (with a view to ensuring
> it doesn't happen again) before re-enabling admin permissions.
>
> There were also a bunch of people who are neither PMC members nor
> committers who had admin privs on your space. I'd very much prefer to
> see admin privs limited to active PMC members and committers moving
> forwards.
>
> Mark
>
> >
> > Best,
> > Jagadish
> >
> > On Wed, Jun 7, 2017 at 6:13 AM, Mark Thomas <ma...@apache.org> wrote:
> >
> > Dear Samza developer community,
> >
> > It has been brought to the infrastructure team's attention that your
> > wiki [1] is covered in spam. This is because someone, going against ASF
> > infrastructure policy, altered the permissions for the anonymous user
> > allowing them write permissions.
> >
> > During the investigation it was noticed that change notifications for
> > your wiki were not being sent to a public mailing list so that the
> > community could monitor all changes to the wiki.
> >
> > Therefore, the following actions have been taken:
> >
> > - All users currently assigned permissions on the Samza wiki have had
> > all their permissions revoked except for viewing.
> >
> > - A samza-dev user has been created and configured to watch the Samza
> > wiki space for changes
> >
> > Additionally, the spam pages will shortly be removed.
> >
> > Mark
> > on behalf of the ASF infrastructure team
> >
> > [1] https://cwiki.apache.org/confluence/display/SAMZA/Apache+Samza
> >
>
> --
> Navina R.