openoffice-dev mailing list archives

From "Dennis E. Hamilton" <>
Subject RE: Proposal: Improve security by limiting committer access in SVN
Date Thu, 04 Apr 2013 20:16:20 GMT
You're *still* understating the extent of the ceremony.  They had to go through everything
a subsequently-invited committer had to do, even though Sam Ruby provided the initial instructions.
But thanks for mentioning the iCLA.  That is a useful object to have on file in tracking
down a possible credentials exploit.

I agree that there are those who never showed up after being established.  Rob apparently
knows who they are.  I assume that any commits from those (maybe even logons anywhere) will
raise vigilant eyebrows.  For double measure, Andrea should have the list, posted on private@
too and maybe filed in the PMC-private area.  That should establish adequate oversight.

There are also a few committers who have announced their resignation and not since rescinded
it.  Put those on that "watch list" also.

I don't know what is to be done if any of those have used e-mail addresses
in their iCLA and as their @a.o forwarding address.  I suppose those are the best to attempt
impersonating.  The first act would be accessing the profile of a user -- thus confirming the
credential -- and changing the forwarding address.  Then opting in should be relatively easy,
especially if the original @a.o-holder is not watching any lists here.  Having done that,
a malefactor can proceed to establish a PGP signature verified for the @a.o too.

So, to lock this door, it is *really* necessary to lock-down those committer profiles and
remove their authz everywhere.  To be reinstated, it is probably necessary to convince the
Secretary of the ASF that the request is authentic.

 - Dennis

-----Original Message-----
From: Rob Weir [] 
Sent: Thursday, April 04, 2013 12:54
Subject: Re: Proposal: Improve security by limiting committer access in SVN

[ ... ]

But with OpenOffice, there was a two week period of time when we rapidly
bootstrapped the community by making people committers automatically, on
day 1.  All they had to do was put their name on a wiki page and return an
ICLA and they were committers.  No vetting, no vote.  Quite a few of them
never got involved in the project in even the least degree.  So we have
these phantom community members, with authorization to change the source
[ ... ]
