removing permissions for long unused accounts?
From: Bruno Haible
Subject: removing permissions for long unused accounts?
Date: Sun, 21 Feb 2021 19:20:43 +0100
User-agent: KMail/5.1.3 (Linux/4.4.0-201-generic; KDE/5.18.0; x86_64; ; )

Hi,

On another GNU mailing list, someone is writing:

  Since I no longer work on <PACKAGE> I give
  you permission to remove my git server access (the key). If I ever
  change my mind about this, we can work out a new solution.

  Can you please check if I have any other privileged accounts or rights
  left in the infrastructure? Even though we have not used password
  based logins, I don't want to be a security liability with possible
  effects for myself and for you.

I tend to agree that everyone who has write access to the repository
poses a certain (small) security risk; the SSH private key might be
compromised. Therefore it sounds like a reasonable security measure
to revoke the write access for users who have been inactive for a
certain time, say 4 years.

Would you agree with that?

The following people still have write access to the gnulib repository
and have not done any commits in 4 years:

  Andreas Grünbacher
  Bruce Korb
  Ludovic Courtès
  Derek R. Price
  Eli Zaretskii
  Gary V. Vaughan
  Gerd Moellmann
  Sergey Poznyakoff
  Joel E. Denny
  Kamil Dudka
  Stefan Monnier
  Richard M. Stallman
  Ralf Wildenhues
  Stefano Lattarini

I would like to emphasize that removal of write access would *not* be
a disapproval of past work, nor related to lack of friendship. Just a
security measure.

What do you think?

Bruno