On 2011-05-31 05:09, Robert Collins wrote:
I think having different service accounts for these things is sensible
for a couple of reasons.
One is separation of concerns: its much easier to have a tightly
scoped role than to have one mega-powerful service account. If that
account were to be compromised, messy stuff would happen. Managing
more credentials is a tradeoff, of course.
I don't see that risk, since we're talking about a Person here, a
nominal user identity to represent Launchpad — not an Account with login
credentials that could act on Launchpad's behalf in any technical sense.
I don't think a Launchpad persona would need any special privileges at
all: it just needs to sit there and be considered the registrant,
author, owner, etc. of stuff.
The reality is that we already have what I'm asking for, because we
can't do without it. Except we call it the Janitor, which is
appropriate in some cases and confusing in others.
Jeroen
_______________________________________________
Mailing list: https://launchpad.net/~launchpad-dev
Post to : launchpad-dev@lists.launchpad.net
Unsubscribe : https://launchpad.net/~launchpad-dev
More help : https://help.launchpad.net/ListHelp
