On Tue, March 10, 2009 7:07 am, Duncan wrote:
> Gordon Malm <gen...@gentoo.org> posted
> 200903091617.48682.gen...@gentoo.org, excerpted below, on  Mon, 09 Mar
> 2009 16:17:48 -0700:
>
>> There is an important security aspect to retiring folks - commit
>> abilities. Perhaps in the case a dev wants to contribute but cannot in
>> the near future their commit privs can just be revoked until such time
>> they ask for them to be turned back on?  I guess that would be an
>> 'extended devaway' ?
>

[...]

>  We don't want some still active authorization and key
> from two years ago getting stolen and used to try to slip a bad commit
> under the radar [...]

With some devs reviewing gentoo-commits@, I highly doubt that this commit
could go unnoticed more than a few hours.

-- 
Pierre-Yves Rofes
Gentoo Linux Security Team




Reply via email to