Hi, Kristian! On Nov 06, Kristian Nielsen wrote:
I am sad - and hurt - that you consider my involvement a security risk. I was always heavily involved in maintaining our repositories and other infrastructure, ever since the very start of MariaDB early 2009.
Kristian, I consider everyone's involvement a security risk :) I believe that to reduce the "defence perimeter", only admins should have the admin access. But I certainlly trust you to be one of them, so if you'd want have owner access for mariadb org on github, you can have it, I think. That would mean actually using it, making changes as needed, on a regular basis. I'll probably step back then myself, one responsibility less for me :) Four active owners should be enough to maintain mariadb on github. Even three is enough.
If your personal goal is to restrict people's access as much as possible, all I can say is that it is not how I understand open source. But I doubt I would be able to find many allies to contest your point of view.
Not exactly. I've said in an earlier email that I'd rather made all the admin information visible for everyone - there is nothing there that should be hidden (besides authentication tokens, obviously). So I'd prefer it as open as possible - but read-only. World-readable, not world-writable. Regards, Sergei Chief Architect MariaDB and security@mariadb.org