[Savannah-hackers] Re: savannah account

[Thien-Thi Nguyen]

Mathieu Roy <address@hidden> writes:

   Recently, after the fencepost compromission, many accounts permiting
   full access to subversions that seemed useless were restricted. While
   someone wants to use savannah, he normally does not need to have a
   complete access to subversions. Giving to everyone shell account is
   creating security holes.

   Anyway, if someone need access to this computer for a reason or
   another, he just have to say why. It doesn't seem weirdy, does it?

no, it's never wrong to ask, but sometimes it's easier to ask the
machine than to ask people.  tb explains how to use grep in the next
mail, for example.  by doing so you practice separation of the ideal
(shell account implies security hole so as a matter of policy it might
be better not to give out such accounts too readily) and the real (tb
already has a shell account from ages past for whatever reason).  even a
god must look first before throwing lightning, no?  even a god does not
demand the mossy rock to explain its moss.

   This is not really an exception that someone have a particular
   account and particular rights. But while someone have problems using
   savannah, if he thinks he have a special access but havent any
   informations about it, we can think that he does not really requires
   this special access and so it is really possible that he does not
   anymore have this special access.

everybody is special in their own eyes.  because you can become root,
you have the best insight into how exactly they are special if at all.
whatever is possible and probable, you have the tools (or can write
them) to tell the full story both before your actions and after.  to
implement the policy is to be a the shovel.  to shape the policy
adaptively is to be the gardener.  the gifted gardener follows the
instructions on the seed package but still finds a way to crawl around
and sniff out the peculiarities of his exceptional garden.

thi