Hi Ineiev, Then you need to educate about the new settings ... Would be nice to have grained permissions, might be for every single input field.
By using CSS class names may be, then you could just visit the appropriate page, inspect the HTML and then apply the desired permission: * read * write These all supporting user, group and others. Just like POSIX access control lists: https://www.usenix.org/legacy/publications/library/proceedings/usenix03/tech/freenix03/full_papers/gruenbacher/gruenbacher_html/main.html regards, Joël On Thu, Jan 28, 2021 at 8:38 PM Ineiev <ine...@gnu.org> wrote: > > Currently, Savannah serves all GPG keys registered in accounts > of group's members as the keyring of the respective group, > like [0]. > > This keyring doesn't work very well as a source of signing > keys of group's releases, because the group may have many more > members than persons who actually sign releases: any member can > carelessly register new keys without thinking about the impact > on the security of released files, and team's admins have to > but monitor the aggregated keyring---I don't believe anyone actually > does (also, people may have one key for getting encrypted personal > emails and another key for signing tarballs). > > In particular, the set of keys registered by members of 'emacs' > has quite a few very old keys, and one of them is dsa768; as far > as I understand, such keys aren't considered adequate these days. > if the bad ones crack such a key and replace files on a mirror > (I think it would be easier to setup a mirror and register it > on Savannah than to crack the key), they'll be able to get round > the signature verification for those who are unfortunate enough > to pick that mirror. > > Probably, it would be better if each group had a public area > where its admins (rather than every member) could post only keys > used for releases, like GnuPG does [1]. I've just pushed a patch > for it to the group-keyring branch [2]. > > What do people think? > > [0] https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=emacs > [1] https://www.gnupg.org/signature_key.html > [2] > https://git.savannah.gnu.org/cgit/administration/savane.git/log/?h=group-keyring
