Marcus Meissner wrote:
4. Usernames or E-Mails may look deceiving.
Slightly misspelled usernames or e-mails of known good submitters could be used to gain your trust. Cross check.
Improvements to user management probably can / need to be done here.
This risk can be drastically reduced by making use of GPG signatures a must. Can osc be enhanced to sign the commits and submitrequests with the user's GPG key?

--
cheers, jano

Ján Kupec
YaST team
---------------------------------------------------------(PGP)---
Key ID: 637EE901
Fingerprint: 93B9 C79B 2D20 51C3 800B E09B 8048 46A6 637E E901
---------------------------------------------------------(IRC)---
Server: irc.freenode.net
Nick: jniq
Channels: #zypp #yast #suse #susecz
---------------------------------------------------------(EOF)---
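
The cross check on deceptive usernames and e-mails raised in point 4 can be partly automated. The following is an added example, not part of the original mails and not osc code: it flags a submitter whose name is a near miss of a trusted one. The trusted list, the function names, the confusable-character table and the distance threshold are all assumptions made for illustration.

```python
import unicodedata

# Constructed sample data: hypothetical trusted submitters, not real accounts.
KNOWN_GOOD = {"mmeier", "jnovak", "jnovak@example.org"}

# Digit/letter pairs that are easy to confuse when skimming a request list.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "5": "s"})


def skeleton(name: str) -> str:
    """Fold case, Unicode compatibility forms and common look-alike swaps."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return folded.translate(CONFUSABLE).replace("rn", "m")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition ("jnovka" for "jnovak") costs one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalike_of(submitter: str, known=KNOWN_GOOD, max_distance: int = 1):
    """Return the trusted name that `submitter` imitates, or None.

    An exact match is the trusted account itself, so it is not flagged.
    """
    if submitter in known:
        return None
    s = skeleton(submitter)
    for good in sorted(known):
        g = skeleton(good)
        if s == g or osa_distance(s, g) <= max_distance:
            return good
    return None
```

A hit only means the request deserves a manual look at the account behind it; a name that passes says nothing about who controls the account, which is the gap the GPG signature proposal addresses.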