| Thread Previous • Date Previous • Date Next • Thread Next |
On 2011-05-31 05:09, Robert Collins wrote:
I think having different service accounts for these things is sensible for a couple of reasons. One is separation of concerns: its much easier to have a tightly scoped role than to have one mega-powerful service account. If that account were to be compromised, messy stuff would happen. Managing more credentials is a tradeoff, of course.
I don't see that risk, since we're talking about a Person here, a nominal user identity to represent Launchpad — not an Account with login credentials that could act on Launchpad's behalf in any technical sense. I don't think a Launchpad persona would need any special privileges at all: it just needs to sit there and be considered the registrant, author, owner, etc. of stuff.
The reality is that we already have what I'm asking for, because we can't do without it. Except we call it the Janitor, which is appropriate in some cases and confusing in others.
Jeroen
| Thread Previous • Date Previous • Date Next • Thread Next |
