Misc #21189
closed
Canonical Git server hardening
Description
I'm working hardening git.ruby-lang.org and ruby organization of GitHub in recent days. Our write grant policy is:
- Add account name and email address of git configuration to https://github.com/ruby/git.ruby-lang.org/blob/master/config/email.yml
- Add account name and public key to https://github.com/ruby/git.ruby-lang.org/blob/master/recipes/files/var/git/.ssh/authorized_keys
- (Optional) GitHub account with 1 and 2 configuration.
I found that some committers are incomplete or inconsistency configuration for Git server and GitHub.
I removed write grant of GitHub repository from the following users because they didn't register email.yml and authorized_keys.
- luislavena
- xibbar
- nahi
- haileys
- sonots
- gogotanaka
- gotoyuzo
- aamine
The following users didn't register their pubkeys into authorized_keys.
- drbrain
- eban
- gotoken
- seki
- suke
- wanabe
The following users didn't register their mail address into email.yml.
- charliesome
- dblack
- emboss
- funny_falcon
- gogotanaka
- hone
- kanemoto
- keiju
- kosako
- sonots
- tarui
- tmm1
- wyhaines
I will remove them from email.yml and authorized_keys.
I will recover your account if you hope to keep write grant of our Git server and GitHub. Please send your key and mail address to https://github.com/ruby/git.ruby-lang.org/.
Updated by hsbt (Hiroshi SHIBATA) 11 days ago
If you can't submit pull-request to https://github.com/ruby/git.ruby-lang.org/. Please use cvs-admin@ruby-lang.org with your information.
Updated by hsbt (Hiroshi SHIBATA) 11 days ago
- Status changed from Open to Assigned
- Assignee set to hsbt (Hiroshi SHIBATA)
Updated by hsbt (Hiroshi SHIBATA) 6 days ago
- Status changed from Assigned to Closed