From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mark Mitchell
To: ac131313@cygnus.com
Cc: cgf@redhat.com, overseers@gcc.gnu.org
Subject: Re: GCC maintainer account
Date: Sat, 17 Feb 2001 12:10:00 -0000
Message-ID: <20010217121554S.mitchell@codesourcery.com>
References: <20010215184752A.mitchell@codesourcery.com> <20010215221019.A14965@redhat.com> <3A8DE3D8.97CBD65@cygnus.com>
X-SW-Source: 2001-q1/msg00241.html
Message-ID: <20010217121000.IzhTSSW7N6nclaKyEVrto6xuHF3XD-yoQ5ajMNgYI4g@z>

>>>>> "Andrew" == Andrew Cagney writes:

    Andrew> Chris Faylor wrote:
    >> I've set this account up but this could possibly be
    >> retroactively vetoed by the other overseers if they see this as
    >> a security risk.

    Andrew> If I've the right of veto then I'd like to veto this move.
    Andrew> It is a serious security risk :-( It scares the crap out
    Andrew> of me.

Until now, we've had a very hard time managing cron jobs, etc., because
people had to set up these jobs out of their own accounts (which most
of the GCC SC did not have) and there was no way to see what jobs
other people had running, etc.

Now we have an account that only the GCC SC can use. That means an
account with about 15 authorized users -- some of whom already have
accounts on the machine. I think that's pretty reasonable, given that
this is a GNU Project, and these people are the maintainers for this
part of the GNU Project.

If that's not acceptable to Red Hat, I fully understand. There is no
doubt that this account increases the risk of compromise of Red Hat
proprietary information and the integrity of the machine.

It's fine if some of the cronjobs run somewhere else. But, we really
do need direct access to the machine. For example, we have to be able
to manipulate the FTP site as well, and, sometimes, perform direct
surgery on the CVS repository.

If that risk isn't acceptable to Red Hat, that's perfectly
understandable. In that case, though, we should probably move the GCC
repository to a machine that doesn't have the same risk profile.

--
Mark Mitchell                   mark@codesourcery.com
CodeSourcery, LLC               http://www.codesourcery.com