maria-developers team mailing list archive
Mailing list archive
Re: security spring cleaning in MariaDB org on github
On Nov 06, Kristian Nielsen wrote:
> I am sad - and hurt - that you consider my involvement a security
> risk. I was always heavily involved in maintaining our repositories
> and other infrastructure, ever since the very start of MariaDB
> early 2009.
Kristian, I consider everyone's involvement a security risk :)
I believe that to reduce the "defence perimeter", only admins should
have the admin access.
But I certainlly trust you to be one of them, so if you'd want have
owner access for mariadb org on github, you can have it, I think. That
would mean actually using it, making changes as needed, on a regular
I'll probably step back then myself, one responsibility less for me :)
Four active owners should be enough to maintain mariadb on github. Even
three is enough.
> If your personal goal is to restrict people's access as much as
> possible, all I can say is that it is not how I understand open
> source. But I doubt I would be able to find many allies to contest
> your point of view.
Not exactly. I've said in an earlier email that I'd rather made all the
admin information visible for everyone - there is nothing there that
should be hidden (besides authentication tokens, obviously).
So I'd prefer it as open as possible - but read-only. World-readable,
Chief Architect MariaDB