Hi Traneptora On Wed, Nov 13, 2024 at 12:29:22PM -0500, Leo Izen wrote: > On 11/9/24 11:18 AM, Michael Niedermayer wrote: > > Hi all > > > > Should we disable git accounts for developers who have not been active since > > a long time (like 10 years) ? > > > > (if these developers come back, the account would then be enabled again) > > but disabling such accounts may improve security (lots of "if" here but > > assuming they loose their key, assuming whoever gets hold of the key > > has interrest and ability to attack ffmpeg and and and, the risk here > > is likely low but not 0) > > > > thx > > Yes, clearly, but an issue has come up that apparently we don't know who has > access to our infrastructure. How do we not know this? > > When michael gave me push access, he asked for my SSH public key, presumably > to add to an authorized_keys file somewhere. I presume since he has write > access to this file, he can also read it.
We use gitolite
gitolite uses git itself to trak all changes to who has what access to what
repository
There is a authorized_keys file but that is build by hooks from gitolite
out of the gitolite config and keys.
previously gitosis was used but its basically the same
so there are no unlabeled keys, its all there just not in an machiene parsable
list
for example your key addition looks like this:
commit 149f636328a060c814a429af7e4df40ad20e0e4d (origin/master, origin/HEAD,
last-master)
Author: Michael Niedermayer <mich...@niedermayer.cc>
Date: Tue Jan 24 18:01:21 2023 +0100
Add Leo Izen <leo.i...@gmail.com> to FFmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
gitosis.conf | 2 +-
keydir/leoizen.pub | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Democracy is the form of government in which you can choose your dictator
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
