
Re: debian github organization ?

Ben Caradoc-Davies <ben@transient.nz> writes:

> On 19/07/15 23:36, Florian Weimer wrote:
>> The single account policy means that users
>> would have to share authentication information across different roles,
>> which may not be acceptable.
> I am not sure why this would be unacceptable to anyone. Authentication
> is your ability to prove who you are. GitHub accounts provide
> this. Authorization is your permission to commit to repositories. Your
> authorization to commit to one repository has no effect on other
> repositories to which you have commit access.

I can very well see how this could be an issue to some.  I at least keep
a relatively strict separation between my work-related accounts and
everything I do privately.  That obviously applies to ssh keys for me.
A security breach at work will not compromise my Debian access tokens,
and vice versa.  While this is pretty obvious to me regarding ssh keys,
if that doesn't do it for you yet, try imagining having the same
*password* for your work and Debian accounts.  These are things that
should be avoided IMO.

And if you are forced to share a GitHub account across organisations,
you lose your ability to have a bit of separation.

