[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
#3158: Need a clearer policy about who gets ldap accounts
---------------------+------------------------------------------------------
Reporter: arma | Owner: phobos
Type: defect | Status: new
Priority: normal | Milestone:
Component: Company | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------+------------------------------------------------------
Comment(by Sebastian):
Replying to [ticket:3158 arma]:
> I believe one needs a tor ldap account in order to get a tor git repo.
True/false?
true
> A while ago there was a concern about giving ldap accounts to people
just to give them a git repo: "doesn't having an ldap account mean you can
access systems you shouldn't need to access?" I believe it was resolved
with "no, the list of who can access which system is a separate list."
The concern is more that anyone who has an ldap account with git access
has git access, so if they pwn git they can clobber all our official
repositories without any additional linux exploit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3158#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs