diff options
| author | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
|---|---|---|
| committer | Nicolas Vigier <boklm@mageia.org> | 2013-04-14 13:46:12 +0000 |
| commit | 1be510f9529cb082f802408b472a77d074b394c0 (patch) | |
| tree | b175f9d5fcb107576dabc768e7bd04d4a3e491a0 /zarb-ml/mageia-discuss/20110307/003921.html | |
| parent | fa5098cf210b23ab4f419913e28af7b1b07dafb2 (diff) | |
| download | archives-master.tar archives-master.tar.gz archives-master.tar.bz2 archives-master.tar.xz archives-master.zip | |
Diffstat (limited to 'zarb-ml/mageia-discuss/20110307/003921.html')
| -rw-r--r-- | zarb-ml/mageia-discuss/20110307/003921.html | 145 |
1 files changed, 145 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/20110307/003921.html b/zarb-ml/mageia-discuss/20110307/003921.html new file mode 100644 index 000000000..258b660eb --- /dev/null +++ b/zarb-ml/mageia-discuss/20110307/003921.html @@ -0,0 +1,145 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] Membership handling ( was: Leave ) + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Membership%20handling%20%28%20was%3A%20Leave%20%29&In-Reply-To=%3C201103072038.03947.maarten.vanraes%40gmail.com%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="003914.html"> + <LINK REL="Next" HREF="003920.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] Membership handling ( was: Leave )</H1> + <B>Maarten Vanraes</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Membership%20handling%20%28%20was%3A%20Leave%20%29&In-Reply-To=%3C201103072038.03947.maarten.vanraes%40gmail.com%3E" + TITLE="[Mageia-discuss] Membership handling ( was: Leave )">maarten.vanraes at gmail.com + </A><BR> + <I>Mon Mar 7 20:38:03 CET 2011</I> + <P><UL> + <LI>Previous message: <A HREF="003914.html">[Mageia-discuss] Membership handling ( was: Leave ) +</A></li> + <LI>Next message: <A HREF="003920.html">[Mageia-discuss] test xorg +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#3921">[ date ]</a> + <a href="thread.html#3921">[ thread ]</a> + <a href="subject.html#3921">[ subject ]</a> + <a href="author.html#3921">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>Op maandag 07 maart 2011 12:34:57 schreef Michael Scherer: +><i> On Mon, 7 Mar 2011 12:14:49 +0100, Wolfgang Bornath wrote: +</I>><i> > 2011/3/7 Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-discuss">misc at zarb.org</A>>: +</I>><i> >> This bring the question of account management, ie what should +</I>><i> >> we do with a account that is explicitely dropped ? +</I>><i> >> +</I>><i> >> Ie : +</I>><i> >> - disable fully +</I>><i> >> - leave it as it is now and : +</I>><i> >> - disable later +</I>><i> >> - leave forever usable +</I>><i> >> - disable partially ( ie remove from sensitives groups ( and so +</I>><i> >> define +</I>><i> >> what group is sensitive )) +</I>><i> >> +</I>><i> >> So what about last proposal ( remove from sensitive group ) and +</I>><i> >> disable +</I>><i> >> account +</I>><i> >> in 6 months / 1 year ? +</I>><i> > +</I>><i> > +1 +</I>><i> > +</I>><i> > We've seen it quite often that people re-discover old interests, +</I>><i> > hobbies, ex-wives, etc. So, a "sleep time" of 1 year is a good +</I>><i> > solution. +</I>><i> > +</I>><i> > next thing is to define which are "sensitive groups / access +</I>><i> > permissions". +</I>><i> +</I>><i> Depend on the havoc that could be done by someone stealing a unused +</I>><i> account. +</I>><i> +</I>><i> Someone posting on the forum under a false name will generate lots of +</I>><i> drama, +</I>><i> but nothing critical. The same goes for bugzilla, or any ml. +</I>><i> Now, someone moderating a forum and wrecking havoc would be +</I>><i> more problematic. The same goes for svn/git/packages/translation/etc. +</I>><i> +</I>><i> Maybe it is simple to remove membership from all group, except those +</I>><i> seen as +</I>><i> unsensitive ? ( ie, everything except default users group ). +</I>><i> +</I>><i> We also need to see when do we remove such access. IE, if someone after +</I>><i> X months +</I>><i> decide to find interest into doing stuff that requires Y privileges, +</I>><i> what should happen ? +</I>><i> +</I>><i> - let him do it without asking ( keep Y privileges ) +</I>><i> - need to ask to have his privileges back +</I>><i> - need to redo the whole system from start ? +</I>><i> +</I>><i> I guess that depending on X and Y, of course, and so we need to have +</I>><i> first a list +</I>><i> of Y. +</I>><i> +</I>><i> Let's try with that : +</I>><i> - commit to developper svn +</I>><i> - commit to packages svn +</I>><i> - submit packages +</I>><i> - commit to web svn +</I>><i> - modifiy ldap +</I>><i> - do sysadmin stuff ( log everywhere, touch to config ) +</I>><i> - planet subscription +</I>><i> ( insert bugzilla stuff ) +</I>><i> ( insert blog privs ) +</I>><i> ( insert i18n stuff ) +</I>><i> ( insert forums stuff ) +</I>><i> ( isert missing stuff ) +</I>><i> +</I>><i> I assume that we can all agree that a leader/deputy/board member +</I>><i> resiging will have +</I>><i> board/leader/deputy access removed. +</I> +[...] + +perhaps the user can just opt-out in identity, which could result in: + - removal of userPassword attribute, effectively disabling login + - and setting a disabled flag in LDAP, which could be taking into account in +each application. + - removal of membership in groups is also an idea. but we'd have to find out +if there is no "accountability from the past" issue. + +this would have the benefit of rejoining at a later time AND the accountability +from the past of stuff doesn't disappear. + +eg: suppose appl X logs what user Y does, and does so with the LDAP reference. + +if the ldap entry really is deleted, stuff might go wrong. + +just an idea. +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="003914.html">[Mageia-discuss] Membership handling ( was: Leave ) +</A></li> + <LI>Next message: <A HREF="003920.html">[Mageia-discuss] test xorg +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#3921">[ date ]</a> + <a href="thread.html#3921">[ thread ]</a> + <a href="subject.html#3921">[ subject ]</a> + <a href="author.html#3921">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |