[Debian-rtc-admin] New Salsa Group
Jonas Smedegaard
jonas at jones.dk
Tue May 28 21:41:43 BST 2019
Quoting gustavo panizzo (2019-05-28 17:48:35)
> On Tue, May 28, 2019 at 12:31:28PM +0200, Jonas Smedegaard wrote:
> >Quoting gustavo panizzo (2019-05-28 03:31:58)
> >> Yesterday I've created the rtc-team on salsa,
> >> https://salsa.debian.org/groups/rtc-team/
> >>
> >> everyone in the debvoip ldap group is marked as owner at the
> >> moment, but as soon as we start to put service configurations we
> >> should downgrade people without 2FA to reporter, or set perms per
> >> project.
> >
> >Thanks (again) for setting this up!
> >
> >Which 2FA are you talking about? Is it documented somewhere?
> >
>
> Salsa 2 factor authentication, you can see who in the team has it
> activated here
>
> https://salsa.debian.org/groups/rtc-team/-/group_members
I know the abbreviation generally. My question was how it relates to
us - I highly doubt that 2FA is something DSA issues, and therefore I
suspect it is the wrong measure for who should be able to push things to
DSA-controlled systems.
> if we are going to deploy services' configuration straight from salsa,
> first we should tight the permissions on salsa
I am not convinced it is sensible to restrict git access like that.
Instead it would make sense to me to only let through a commit signed by
one of those trusted by DSA. I have no idea if and how that is doable
with DSA infrastructure, however.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/debian-rtc-team/attachments/20190528/c75d3f2e/attachment.sig>
More information about the Debian-rtc-team
mailing list