openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <>
Subject RE: Proposal: Improve security by limiting committer access in SVN
Date Thu, 04 Apr 2013 16:23:39 GMT
In previous generations of this kind of discussion, the ASF old-hands will point out that the
social process works quite well, folks don't do commits unless they feel qualified to do so,
and it is often the case that committers will request RTC (i.e., submit patches rather than
update the SVN) in contributing where they are not experienced or don't consider themselves

At the ASF this appears to be one of those, "if it is not broken, don't fix it."

There is still the concern about stolen credentials used to perform undetected malicious acts.
 If the oversight that the project naturally brings to bear on visible changes to the code
base is insufficient, I think the problem is greater than there being a possible exploit of
that inattention.  Mechanical solutions may be part of the disease, not the cure [;<).

 - Dennis

-----Original Message-----
From: Andrea Pescetti [] 
Sent: Thursday, April 04, 2013 08:57
Subject: Re: Proposal: Improve security by limiting committer access in SVN

Dave Fisher wrote:
> Let's focus only on adding one new authz list for the code tree.
> Call it openoffice-coders and populate it with those who HAVE any
> commit activity in the current code tree.

I checked feasibility with Infra. Summary:

1) LDAP is not the solution. Rule it out.

2) The only possible solution would be an authz rule like suggested by 
Dave here; however, Infra quite discourages it, mainly for maintenance 
reasons. This leads me to think we would need some good justifications 
for implementing this.

3) If the justification is security, then there are other privileges to 
monitor. Namely, every committer has shell access to, 
authenticated access to the Apache SMTP server and CMS privileges for 
the website, including publish operations.

For the record, the Subversion project has complex rules like Rob 
pointed out; but it's only a "social enforcement", i.e., all committers 
respect those limitations by their own choice; if you look at the 
technical level, every committer (all Apache committers) can commit code 
to the Subversion subtree.


To unsubscribe, e-mail:
For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message