[csw-maintainers] [policy] GPG Signing Key handling
Peter FELECAN
pfelecan at opencsw.org
Thu Feb 10 09:41:42 CET 2011
Ben Walton <bwalton at opencsw.org> writes:
> Excerpts from Peter FELECAN's message of Wed Feb 09 03:43:09 -0500 2011:
>
> Hi Peter,
>
>> > A question then should also be raised of whether "the board" is
>> > expected to hold a copy of *all* digital assets at all times.
>> > For example, the root password, and database master passwords, for
>> > every machine and service associated with opencsw. Currently, "the
>> > board" does not hold such things in a formal sense, and as far as I
>> > have heard, has no plans to do so as "a policy".
>>
>> You brought up a very interesting issue and I think that indeed the
>> board must have the root password and database master
>> passwords. However, this is not in the scope of this discussion.
>
> I agree with you on the database passwords (and other passwords of
> similar nature), but as I mentioned in my reply to Phil, I'm not sure
> it is the right of the OpenCSW foundation to demand root passwords for
> equipment that we don't own.
I thought mainly about database, mail and other privileged roles for
thing *owned* by the foundation which excludes the root passwords for
the build-farm servers.
> We're privileged to have these resources dedicated to our use. None
> of the sponsors are required to do this. It doesn't hurt to ask, but
> I personally would not want to force the issue if they say no. If we
> make demands such as this, they may reconsider their charity. Please
> let me know if you feel otherwise.
I'm letting you know that I don't feel otherwise.
--
Peter
More information about the maintainers
mailing list