Hi Traneptora

On Wed, Nov 13, 2024 at 12:29:22PM -0500, Leo Izen wrote:
> On 11/9/24 11:18 AM, Michael Niedermayer wrote:
> > Hi all
> > 
> > Should we disable git accounts for developers who have not been active for
> > a long time (like 10 years)?
> > 
> > (if these developers come back, the account would then be enabled again)
> > but disabling such accounts may improve security (lots of "if" here but
> > assuming they lose their key, assuming whoever gets hold of the key
> > has interest and ability to attack ffmpeg and and and, the risk here
> > is likely low but not 0)
> > 
> > thx
> 
> Yes, clearly, but an issue has come up that apparently we don't know who has
> access to our infrastructure. How do we not know this?
> 
> When Michael gave me push access, he asked for my SSH public key, presumably
> to add to an authorized_keys file somewhere. I presume since he has write
> access to this file, he can also read it.

We use gitolite.
gitolite uses git itself to track all changes to who has what access to what
repository.

There is an authorized_keys file, but that is built by hooks from gitolite
out of the gitolite config and keys.

Previously gitosis was used, but it's basically the same.

So there are no unlabeled keys; it's all there, just not in a machine-parsable
list.
For example, your key addition looks like this:

commit 149f636328a060c814a429af7e4df40ad20e0e4d (origin/master, origin/HEAD, last-master)
Author: Michael Niedermayer <mich...@niedermayer.cc>
Date:   Tue Jan 24 18:01:21 2023 +0100

    Add Leo Izen <leo.i...@gmail.com> to FFmpeg

    Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

 gitosis.conf       | 2 +-
 keydir/leoizen.pub | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Democracy is the form of government in which you can choose your dictator


_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
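Added example, not part of the original mail and not FFmpeg's own tooling: one way to turn the admin repository's git history into the machine-parsable key list the message says is missing. It assumes keys are stored as `keydir/*.pub`, as in the diffstat above; the function names and the sample log are constructed for illustration.

```python
import json
import subprocess

# Run inside a clone of the admin repo; --no-renames keeps events to A/M/D.
GIT_LOG = ["git", "log", "--reverse", "--no-renames", "--name-status",
           "--format=@%H|%aI|%an|%s", "--", "keydir/"]

def read_admin_repo(repo_path):
    """Return the key history of a local admin-repo clone as text."""
    return subprocess.run(GIT_LOG, cwd=repo_path, check=True,
                          capture_output=True, text=True).stdout

def parse_key_log(log_text):
    """Map each keydir/*.pub path to its list of events, oldest first."""
    history, commit = {}, None
    for line in log_text.splitlines():
        if line.startswith("@"):
            # Subject comes last so a "|" inside it survives the split.
            sha, date, author, subject = line[1:].split("|", 3)
            commit = {"commit": sha, "date": date, "by": author, "subject": subject}
            continue
        status, _, path = line.partition("\t")
        if commit and path.endswith(".pub"):
            history.setdefault(path, []).append(dict(commit, status=status))
    return history

def active_keys(history):
    """List keys whose latest event is not a deletion, with who added them and when."""
    rows = []
    for path, events in sorted(history.items()):
        if events[-1]["status"] == "D":
            continue  # key was removed and never re-added
        added = next((e for e in reversed(events) if e["status"] == "A"), events[0])
        rows.append({"key": path, "added": added["date"], "added_by": added["by"],
                     "commit": added["commit"],
                     "key_changes": sum(e["status"] == "M" for e in events)})
    return rows

# Constructed sample of the GIT_LOG output (names, dates and hashes are made up).
SAMPLE_LOG = (
    "@" + "1" * 40 + "|2012-03-02T10:00:00+01:00|Admin One|Add alice\n\n"
    "A\tkeydir/alice.pub\n"
    "@" + "2" * 40 + "|2015-06-10T09:30:00+02:00|Admin One|Add bob | new key for alice\n\n"
    "A\tkeydir/bob.pub\nM\tkeydir/alice.pub\n"
    "@" + "3" * 40 + "|2019-01-15T14:00:00+01:00|Admin Two|Remove bob\n\n"
    "D\tkeydir/bob.pub\n"
)

if __name__ == "__main__":
    print(json.dumps(active_keys(parse_key_log(SAMPLE_LOG)), indent=2))
```

Against a real clone, pass `read_admin_repo(path)` to `parse_key_log` instead of the sample; the resulting list can then be compared with each developer's last commit date to find candidates for review.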
