On Thu Oct 09 00:09:25 2014, sbonazzo@redhat.com wrote:

Il 08/10/2014 18:18, Red Hat Product Security ha scritto:

...

On Wed Oct 08 08:35:15 2014, sbonazzo@redhat.com wrote:

...

Il 08/10/2014 12:02, Ohad Basan ha scritto:

...

Hello everyone.

I've created a small job (not yet enabled) that gets an rpm and then deploys it to the static repo at resources.ovirt.org for this I've sent this patch http://gerrit.ovirt.org/#/c/33863/ that will add the "resources" user. it will have permissions only for the static rpms directory and will scp the files to there. is it acceptable by everybody security-wise?

Adding security list to the loop.

Hi, thanks for this. I'm a bit confused though. Is this pertaining to the infrastructure for the oVirt project, or is this code going into the oVirt code itself that is then consumed by downstream users? I only ask because of the reference to resources.ovirt.org so I'm unsure whether this is a code question or an infrastructure question.

Can you please advise?

It's infrastructure question

Ok, that's what I thought. Being entirely unfamiliar with the infrastructure it _sounds_ reasonable to me, but this is probably the sort of question that should go to infosec@redhat.com as they deal with our infrastructure security (whereas Product Security just deals with our products' security). Would you mind reaching out to infosec to ask? -- Vincent Danen / Red Hat Product Security