On Tue, Jun 10, 2008 at 09:14:35PM +0200, Magnus Hagander wrote:
> David Fetter wrote:
> > On Fri, Jun 06, 2008 at 01:54:43PM +0200, Peter Eisentraut wrote:
> >> The plan is to try out gitosis for account management.
> >
> > It's an interesting plan, but it's one that's preventing people
> > from using the service. How about shelving that plan for the
> > moment and handing out access as needed to developers? :)
>
> Please don't. Handing more access out in an uncontrolled way will
> give us a lot more work cleaning things up later.
With respect, I must disagree. This resource is incredibly easy to
maintain--and practically useless--because nobody can get on there.
If somebody or somebodies here is thinking about some kind of single
sign-on[1] system for developers, let's discuss that separately. I
don't recall anybody deciding that we were going to use one, and I
certainly don't recall that it's been decided that that decision gates
access to git.postgresql.org.
Cheers,
David.
[1] For me, "single sign-on" reads as "high-value target" from an
attacker's point of view, and I generally think the convenience isn't
worth the cascading failure modes such systems have.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
