On Thu, 10 Jan 2019 at 10:24, Alex Harui <aha...@adobe.com.invalid> wrote:
> Stephen are you saying that we can't trust ASF Members? That we have to > fear that at least one ASF member will not be able to resist the urge to > leverage the RoyalePMC account for evil? > I'm sure we can find some other way to distribute credentials if that's > true, but I would think there are juicier targets for a rogue ASF member, > like leveraging Jenkins. > > My 2 cents, > -Alex > I think when you have grown above ~500 people you have to acknowledge the potential for rogue actors. That does not mean there currently are any... but if we are building systems that have legal requirements to meet, we cannot eschew the possibility of rogue actors just because we hope everyone is good.
