#7305 Move UUIDs of admins in anitya to private ansible repo
Closed: Invalid 5 years ago Opened 5 years ago by zlopez.

  • Describe what you need us to do:
    In https://pagure.io/fedora-infrastructure/issue/7292 I wanted to add some Anitya users to configmap.xml as admins.
    But as pointed out by @jcline and @pingou this data should be kept private and not public.
    So it would be good to move these UUIDs into the private ansible repo.

  • When do you need this? (YYYY/MM/DD)

  • When is this no longer needed or useful? (YYYY/MM/DD)

  • If we cannot complete your request, what is the impact?
    These published keys could be used to fake the identity of admins.


Just an idea. It will probably be better to remove these users from the users table and let them log in again to recreate the UUID, so the new one is different than the one already added to configmap.xml.

Can you explain to me what's private about a unique user ID who has admin privileges?
Why does this need to be private?

@jcline
Could you help me here? You told me that UUID should be sent by secure channel, but I'm not really sure why.

UUID should be sent by secure channel (not IRC) so that no one spoofs it and becomes an admin - privilege escalation. It doesn't mean that UUID is secret.

Oh, so this is my mistake then.

My apologies, you can close this now.

Yep, that's what I expected.
Basically, we want to make sure that the UUIDs added are added by legitimate people, but we don't really care about the secrecy of the values themselves.

@zlopez No problem, thanks for bringing it up, as it's good to make sure we're all on the same page.

Metadata Update from @puiterwijk:
- Issue close_status updated to: Invalid
- Issue status updated to: Closed (was: Open)

5 years ago
