Granting write access to all DDs to our git area

Mon Apr 13 13:56:04 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 2015-04-13 11:08, Jonas Smedegaard wrote:
> Quoting Fabian Greffrath (2015-04-13 09:30:54)
>> I think it makes a difference if we blindly trust fellow DDs or 
>> probably random newcomers with unchecked identities.
> 
> That's a valid point.

yes.

> 
> We already deal with with non-identified upstreams, so should not 
> blindly trust newly added git commits anyway.
> 
> How do envision our fellow non-identified team mates might abuse 
> admin access to our git repos?  Does the risk of such potential 
> abuse outweigh the benefit of the encouragement it provides to 
> treat our colleagues as equal peers?

i quite agree.

assuming "admin" still grants the same priviliges as in 2011 (add new
members, edit meta data of alioth project), i think that the harm that
can *possibly* be done by a malevolent user is rather small, and it
might be worth to just try it out (making everybody admin) and wait
until a malefactor turns up (which most likely will never happen).

the other question is, how big an encouragement the granted
unconditional trust really¹ provides.

fgmasdr
IOhannes

¹ not that i think that this measurable/quantifiable in any way.