Random thoughts/crazy idea: Drop SSL certs
Colin Walters
walters at verbum.org
Mon Apr 27 14:21:57 UTC 2015
On Mon, Apr 27, 2015, at 09:45 AM, Pierre-Yves Chibon wrote:
>
> This has lead me to the question: Is this all what SSL certs are bringing us?
I think the ability to do a commit should be thought of as equivalent to the ability
to do a build - because anyone who can commit something to a package will
cause it to be implicitly included in the build that another person does
That implies build access should be gated by SSH key, not by API token or
SSL certificate. (Or alternatively the commit authentication method changed
to match whatever is chosen for build)
More information about the rel-eng
mailing list