[tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri May 13 03:21:52 UTC 2011
#3158: Need a clearer policy about who gets ldap accounts
---------------------+------------------------------------------------------
Reporter: arma | Owner: phobos
Type: defect | Status: new
Priority: normal | Milestone:
Component: Company | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------+------------------------------------------------------
Comment(by Sebastian):
Replying to [ticket:3158 arma]:
> I believe one needs a tor ldap account in order to get a tor git repo.
True/false?
true
> A while ago there was a concern about giving ldap accounts to people
just to give them a git repo: "doesn't having an ldap account mean you can
access systems you shouldn't need to access?" I believe it was resolved
with "no, the list of who can access which system is a separate list."
The concern is more that anyone who has an ldap account with git access
has git access, so if they pwn git they can clobber all our official
repositories without any additional linux exploit.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3158#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list