maria-developers team mailing list archive

Re: security spring cleaning in MariaDB org on github

 

Hi, Kristian!

On Nov 06, Kristian Nielsen wrote:
> 
> I am sad - and hurt - that you consider my involvement a security
> risk. I was always heavily involved in maintaining our repositories
> and other infrastructure, ever since the very start of MariaDB
> early 2009.

Kristian, I consider everyone's involvement a security risk :)
I believe that to reduce the "defence perimeter", only admins should
have the admin access.

But I certainly trust you to be one of them, so if you'd want to have
owner access for mariadb org on github, you can have it, I think. That
would mean actually using it, making changes as needed, on a regular
basis.

I'll probably step back then myself, one responsibility less for me :)
Four active owners should be enough to maintain mariadb on github. Even
three is enough.

> If your personal goal is to restrict people's access as much as
> possible, all I can say is that it is not how I understand open
> source. But I doubt I would be able to find many allies to contest
> your point of view.

Not exactly. I've said in an earlier email that I'd rather make all the
admin information visible for everyone - there is nothing there that
should be hidden (besides authentication tokens, obviously).

So I'd prefer it as open as possible - but read-only. World-readable,
not world-writable.

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx

