[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Meeting Minutes, FTPMaster meeting March 2011

On Wed, Mar 30, 2011 at 12:16:00PM +0200, Philipp Kern wrote:
> On Wed, Mar 30, 2011 at 11:55:39AM +0200, Bastian Blank wrote:
> > Why do you want one keyring per arch? What problem are you trying to
> > solve with this?
> I think it's called principle of least privilege.  Of course we could also let
> all buildd admins add arbitrary keys for any architecture and hope that it
> isn't abused, given that you're able to upload from anywhere in the world
> using the key.

They still can use their personal keys to do the uploads, so I don't
really see the difference.

> (But then everyone who adds keys for his machines at home will just get his
> privileges revoked anyway.  Question is if harm is done at that point already.)

And it would be acceptable if a person in the wbadm group would do the
same?

This keyring adds new keys with a subset of permissions of the personal
key of the requestor. It still can be traced properly to the "owner". So
what harm should be done?[1]

Bastian

[1] Personally I have signing subkeys. This is a similar concept.
-- 
Behind every great man, there is a woman -- urging him on.
		-- Harry Mudd, "I, Mudd", stardate 4513.3
Reply to: