From: "Frédéric Buclin via overseers"
Reply-To: LpSolit@netscape.net
To: Joseph Myers
Cc: "Frank Ch. Eigler", overseers@gcc.gnu.org
Subject: Re: GCC Bugzilla account creation configuration
Date: Sat, 07 Oct 2017 21:44:00 -0000
Message-ID: <43cf64e7-400a-78c8-4649-f1f325254e1c@netscape.net>

On 03.10.17 at 23:47, Joseph Myers wrote:
>> My view is that we should restrict privileges for them.
>
> I haven't seen any comments contradicting this, so I think you should take
> that as consensus.

I added a new 'addusers' permission to only create new accounts but not play
with existing ones nor to edit group membership. I managed to do this without
altering the upstream code (everything is in the GCC extension).

This link lists users currently with editusers privileges:

https://gcc.gnu.org/bugzilla/editusers.cgi?action=list&grouprestrict=1&groupid=2

"Untrusted" users should have their privileges either revoked or moved to the
new 'addusers' group. Moreover, I would suggest that users who haven't logged in
in the last 3 years have their admin/editusers privileges revoked too. This
would affect 4 users:

Wolfgang Bangerth (2 accounts)
Daniel Berlin
Dara Hazeghi
Giovanni Bajo

Any objection?

Frédéric