Re: Salsa as authentication provider for Debian
Hi,
On 4/8/20 2:30 PM, Bastian Blank wrote:
n Wed, Apr 08, 2020 at 07:50:22PM +0800, Shengjing Zhu wrote:
>> 1. Can you still keep the "-guest" enforcement, so it's still easy to
>> recognize who is DD or not on salsa?
>
> No. The guest suffix was meant to avoid collisions with Debian
> accounts. And the tool used to enforce it is unmaintained.
>
> Also the only place that can for sure answer if someone is DD is
> nm.debian.org, not Salsa.
actually I see that as a big security risk. I the easiest case you'll
has a username that looks similar to one of a DD and that (malicious)
user is added to a project as the project admin thinks that use is a DD
and assumes that a DD can be trusted.
Having an easy way to identify DDs and non-DDs is a must imho.
Beeing able to keep your account and while getting rid of the -guest
when you become a DD would be an extra bonus.
Bernd
--
Bernd Zeimetz Debian GNU/Linux Developer
http://bzed.de http://www.debian.org
GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
Reply to: