[tor-bugs] #3158 [Company]: Need a clearer policy about who gets ldap accounts
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri May 13 03:35:00 UTC 2011
#3158: Need a clearer policy about who gets ldap accounts
---------------------+------------------------------------------------------
Reporter: arma | Owner: phobos
Type: defect | Status: new
Priority: normal | Milestone:
Component: Company | Version:
Keywords: | Parent:
Points: | Actualpoints:
---------------------+------------------------------------------------------
Comment(by rransom):
I noticed when I received access to the Tor Git server that I had read
access to the gitolite-admin repo, which contains the complete history of
the list of all Git repos on git-rw.tpo and who has access to them. (I
confirmed that I had read access using ‘git ls-remote’, not ‘git clone’ or
any other command that would have actually retrieved the repository
contents.) If there is anything sensitive in there, we should restrict
access to that repository before handing out LDAP accounts and Git access
to people we know less well.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3158#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list