Time  Nick      Message
16:28 pdurbin_m bear: new wording and screenshot: https://github.com/mozillascience/site/issues/11#issuecomment-74869744
16:29 pdurbin_m dotplus: ^^
16:33 pdurbin_m makes it much more clear just how much access is being requested
16:33 pdurbin_m which is quite a lot in this case
16:35 dotplus   yeah. I don't really know about mozillasciencelab, it sounds like some "better collaboration between researchers" thing, which is probably a good thing in the abstract. But if their "core functionality" requires giving them read to my private orgs and read/write to my public, then they're doing it wrong.
16:35 dotplus   At least if I understand this correctly. Verify my understanding with this example, please?
16:37 pdurbin_m dotplus: they are a really cool and trustworthy org
16:37 dotplus   Say I'm an owner of a major open source project's repo, such as Drupal or whatever and I sign up for mozilla science like this. This means (among other consequences) I've just given _commit rights_ to the Drupal to mozilla science?
16:38 pdurbin_m dotplus: sounds like they want to be able to *create* a repo: https://github.com/mozillascience/site/issues/11#issuecomment-74883031
16:39 dotplus   if that example is correct, then this is so far beyond the principle of least privilege that it, ipso facto, is a signal for Bad Security Awareness on the part of MozSci.
16:42 dotplus   a 10' pole is too close for me to go near it. No matter how cool and trustworthy they are, I, as a owner/committer on <foo> project, would be violating my responsibility as such, if I were to authorize MozSci in this way - *unless* I (we, the foo project) would otherwise grant MozSci the commit bit.
16:42 dotplus   It stinks of unintended consequences at best.
16:43 dotplus   of course, if my example is wrong, then I'll happily downgrade my vitriol to: "whoa, this is confusing and *looks bad*"
17:37 pdurbin_m dotplus: I hear you. :)
17:38 dotplus   out of interest, is my example correct or not?
18:20 pdurbin_m dotplus: well, even a non-owner, a member of a read only team, could authorize the access, if the owner is still using the defaults
18:20 pdurbin_m (I think)
18:21 pdurbin_m bear: which is why you switched away from the default setting
18:21 pdurbin_m which every owner should do
18:23 dotplus   and therefore why it shouldn't *be* the default
18:46 pdurbin_m right
19:36 semiosis  anyone know an ios developer looking for full time work remote or in Miami, FL?
19:36 semiosis  PM me please
23:30 dotplus   that reminds me... have I tried to recruit here?
23:31 bene      heh
23:34 dotplus   we're looking for a) openstack devs (basically expertise in python or javascript) who are or want to be openstack devs b) experienced ops folks with strength in Config Mgmt, at least some demonstrable scripting and lots of Doing it Right.
23:35 dotplus   Offering good to very good money, benefits, open to remote, smart coworkers, beer keg in the office, little to no politics, etc. etc.
23:40 dotplus   ok, while I'm not kidding about the beer kegs, that's hopefully not a big factor:)