Time Nick Message
16:28 pdurbin_m bear: new wording and screenshot: https://github.com/mozillascience/site/issues/11#issuecomment-74869744
16:29 pdurbin_m dotplus: ^^
16:33 pdurbin_m makes it much more clear just how much access is being requested
16:33 pdurbin_m which is quite a lot in this case
16:35 dotplus yeah. I don't really know about mozillasciencelab, it sounds like some "better collaboration between researchers" thing, which is probably a good thing in the abstract. But if their "core functionality" requires giving them read to my private orgs and read/write to my public, then they're doing it wrong.
16:35 dotplus At least if I understand this correctly. Verify my understanding with this example, please?
16:37 pdurbin_m dotplus: they are a really cool and trustworthy org
16:37 dotplus Say I'm an owner of a major open source project's repo, such as Drupal or whatever and I sign up for mozilla science like this. This means (among other consequences) I've just given _commit rights_ to the Drupal to mozilla science?
16:38 pdurbin_m dotplus: sounds like they want to be able to *create* a repo: https://github.com/mozillascience/site/issues/11#issuecomment-74883031
16:39 dotplus if that example is correct, then this is so far beyond the principle of least privilege that it, ipso facto, is a signal for Bad Security Awareness on the part of MozSci.
16:42 dotplus a 10' pole is too close for me to go near it. No matter how cool and trustworthy they are, I, as an owner/committer on project, would be violating my responsibility as such, if I were to authorize MozSci in this way - *unless* I (we, the foo project) would otherwise grant MozSci the commit bit.
16:42 dotplus It stinks of unintended consequences at best.
16:43 dotplus of course, if my example is wrong, then I'll happily downgrade my vitriol to: "whoa, this is confusing and *looks bad*"
17:37 pdurbin_m dotplus: I hear you. :)
17:38 dotplus out of interest, is my example correct or not?
18:20 pdurbin_m dotplus: well, even a non-owner, a member of a read only team, could authorize the access, if the owner is still using the defaults
18:20 pdurbin_m (I think)
18:21 pdurbin_m bear: which is why you switched away from the default setting
18:21 pdurbin_m which every owner should do
18:23 dotplus and therefore why it shouldn't *be* the default
18:46 pdurbin_m right
19:36 semiosis anyone know an ios developer looking for full time work remote or in Miami, FL?
19:36 semiosis PM me please
23:30 dotplus that reminds me... have I tried to recruit here?
23:31 bene heh
23:34 dotplus we're looking for a) openstack devs (basically expertise in python or javascript) who are or want to be openstack devs b) experienced ops folks with strength in Config Mgmt, at least some demonstrable scripting and lots of Doing it Right.
23:35 dotplus Offering good to very good money, benefits, open to remote, smart coworkers, beer keg in the office, little to no politics, etc. etc.
23:40 dotplus ok, while I'm not kidding about the beer kegs, that's hopefully not a big factor:)