On Tue, March 10, 2009 7:07 am, Duncan wrote: > Gordon Malm <gen...@gentoo.org> posted > 200903091617.48682.gen...@gentoo.org, excerpted below, on Mon, 09 Mar > 2009 16:17:48 -0700: > >> There is an important security aspect to retiring folks - commit >> abilities. Perhaps in the case a dev wants to contribute but cannot in >> the near future their commit privs can just be revoked until such time >> they ask for them to be turned back on? I guess that would be an >> 'extended devaway' ? >
[...] > We don't want some still active authorization and key > from two years ago getting stolen and used to try to slip a bad commit > under the radar [...] With some devs reviewing gentoo-commits@, I highly doubt that this commit could go unnoticed more than a few hours. -- Pierre-Yves Rofes Gentoo Linux Security Team