On 18. 03. 21 11:14, Pavel Zhukov wrote:
So... Looks like the ex-admin of the package was able to orphan one
somehow and by doing this drop the current admin from the member
list. Looks like a bug if not a security hole for me.
An "admin" can remove admins. I don't think that is necessarily an
unexpected
permission of an admin.
I'd argue that the security hole lies in keeping users you don't trust as admins.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok