[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 13 May 2011 03:21:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 12 May 2011 23:22:04 -0400
In-reply-to: <044.360ee1ef20b4a6161c3642683117e816@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.360ee1ef20b4a6161c3642683117e816@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3158: Need a clearer policy about who gets ldap accounts
---------------------+------------------------------------------------------
 Reporter:  arma     |          Owner:  phobos
     Type:  defect   |         Status:  new   
 Priority:  normal   |      Milestone:        
Component:  Company  |        Version:        
 Keywords:           |         Parent:        
   Points:           |   Actualpoints:        
---------------------+------------------------------------------------------

Comment(by Sebastian):

 Replying to [ticket:3158 arma]:
 > I believe one needs a tor ldap account in order to get a tor git repo.
 True/false?

 true

 > A while ago there was a concern about giving ldap accounts to people
 just to give them a git repo: "doesn't having an ldap account mean you can
 access systems you shouldn't need to access?" I believe it was resolved
 with "no, the list of who can access which system is a separate list."

 The concern is more that anyone who has an ldap account with git access
 has git access, so if they pwn git they can clobber all our official
 repositories without any additional linux exploit.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3158#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
Next by Author: Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
Previous by thread: Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
Next by thread: Re: [tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
Index(es):
- Author
- Thread