msalle
msalle
Looks fine to me. Perhaps we should come up with some standardized bug severity and/or priority levels. It seems we don't have that yet (no labels at least).
> Indeed. Do you have a proposal? For some inspiration I had a look at (Open)SUSE, RedHat, Debian: (Open)SUSE - priority levels: `None`, `Low`, `Medium`, `High`, `Urgent` and `Critical (situation)`...
Not sure we'll ever need `critical` (certainly hope we won't) but could also be non-security. Basically something that makes a tool completely unusable. In any case, if we don't need...
Not sure if any of these are still relevant, but there are still some references to old documentation at globus.org. - [xio/drivers/gsi/globus_xio_gsi.h#L108](https://github.com/gridcf/gct/tree/master/xio/drivers/gsi/globus_xio_gsi.h#L108) - [common/source/programs/globus-sh-exec.in#L90](https://github.com/gridcf/gct/tree/master/common/source/programs/globus-sh-exec.in#L90) - [gsi/cert_utils/source/programs/grid-cert-info.in#L84](https://github.com/gridcf/gct/tree/master/gsi/cert_utils/source/programs/grid-cert-info.in#L84) - [gsi/cert_utils/source/programs/grid-change-pass-phrase.in#L69](https://github.com/gridcf/gct/tree/master/gsi/cert_utils/source/programs/grid-change-pass-phrase.in#L69) - [packaging/fait_accompli/installer.INSTALL](https://github.com/gridcf/gct/tree/master/packaging/fait_accompli/installer.INSTALL)...
I'd say for service accounts this is ok, since you can in any case revoke the RT. For end-users we probably would want the user to prove they're still around...
That sounds reasonable. The question is whether it's not really the same as having (configurable) a non-expiring RT (i.e. RT with infinite lifetime) for those use-cases? The latter would probably...
It would protect for certain scenarios but also introduce new weaknesses. In general, using non-standard mechanisms (*automatically* refreshing in the background) is making it harder to follow what is going...
True, I'm probably discussing a slightly different issue than what you described so perhaps this is more for the TTT WG. I'm thinking about the allowing of renewal beyond the...
Just to make sure I understand correctly: the IAM account will get disabled when the user is no longer in the CERN HR DB right? (this to prevent the user...
I notice 3 tests are failing, but I have no clear idea why: - One is failing to do a git checkout - the other two have to do with...