> Given that admin privs are handed out to PMCs along with explicit instructions not to change the permissions for the anonymous user, I'd like to understand what went wrong in this case (with a view to ensuring it doesn't happen again) before re-enabling admin permissions.
Agreed. Afaik, there are only 2 "active" PMCs in our project and I don't believe either of us gave permissions for anonymous user. > There were also a bunch of people who are neither PMC members nor committers who had admin privs on your space. I'd very much prefer to see admin privs limited to active PMC members and committers moving forwards. Yes. This was a mistake on our part as we should have been cautious on the permissions we provide for contributors. Going forward, we want to correct these permissions grants. We just want to make sure there is an avenue for us to request permissions. Thanks! On Wed, Jun 7, 2017 at 12:47 PM, Mark Thomas <ma...@apache.org> wrote: > On 07/06/17 18:04, Jagadish Venkatraman wrote: > > Hi Mark, > > > > Thanks for bringing this to our notice. > > > >>> This is because someone, going against ASF infrastructure policy, > > altered the permissions for the anonymous user allowing them write > > permissions > > > > Do we know when this occurred? I presume this was a lapse. > > It looks as if it was around the beginning of last month based on the > dates of the pages I removed. > > > > >>> A samza-dev user has been created and configured to watch the > > Samza wiki space for changes > > > > Sounds great! Does that mean that notifications for changes in the Samza > > wiki space will now be sent to this mailing list? > > This wasn't working. It looks like those notifications will need to go > to the commits list. I'll get that changed shortly and see if that fixes > the problem. > > >>> All users currently assigned permissions on the Samza wiki have had > all > > their permissions revoked except for viewing. > > > > We will re-assess all permissions, and set them up again. I'm assuming > > PMCs will still be able to do this? > > Not at the moment. PMC members currently have read access only. > > Given that admin privs are handed out to PMCs along with explicit > instructions not to change the permissions for the anonymous user, I'd > like to understand what went wrong in this case (with a view to ensuring > it doesn't happen again) before re-enabling admin permissions. > > There were also a bunch of people who are neither PMC members nor > committers who had admin privs on your space. I'd very much prefer to > see admin privs limited to active PMC members and committers moving > forwards. > > Mark > > > > > > Best, > > Jagadish > > > > On Wed, Jun 7, 2017 at 6:13 AM, Mark Thomas <ma...@apache.org > > <mailto:ma...@apache.org>> wrote: > > > > Dear Samza developer community, > > > > It has been brought to the infrastructure team's attention that your > > wiki [1] is covered in spam. This is because someone, going against > ASF > > infrastructure policy, altered the permissions for the anonymous user > > allowing them write permissions. > > > > During the investigation it was noticed that change notifications for > > your wiki were not being sent to a public mailing list so that the > > community could monitor all changes to the wiki. > > > > Therefore, the following actions have been taken: > > > > - All users currently assigned permissions on the Samza wiki have had > > all their permissions revoked except for viewing. > > > > - A samza-dev user has been created and configured to watch the Samza > > wiki space for changes > > > > Additionally, the spam pages will shortly be removed. > > > > Mark > > on behalf of the ASF infrastructure team > > > > [1] https://cwiki.apache.org/confluence/display/SAMZA/Apache+Samza > > <https://cwiki.apache.org/confluence/display/SAMZA/Apache+Samza> > > > > > > -- Navina R.
