On 25/04/2012 03:52, Pedro Sanchez wrote:
It really amazes me how much we distrust the people who have been
doing a great work (otrs admins, ombudsmen, etc).
And all upon contrived hypothetical scenarios. "And how about one of
the root-access devs is secretly working for the goverment of... is
anyone working on a solution for this?"
On 25/04/2012 20:35, Casey Brown wrote:
Nothing will ever be perfect though. For example, the mailman mailing
list that they currently use can easily be accessed by anyone with the
root mailman password. The list of people with that password is very
small -- and is mostly restricted to sysadmins and high-level staffers
-- but there are still people who can hypothetically access it without
anyone knowing. It's more an issue of minimizing risk than eliminating
it.
The main difference is the target of an ombudsman commission
investigation are generally not (if at all) sysadmin, but CU,
bureaucrat, admin, abcom & oversight. Out of the 12 OTRS admin, 5 are
oversighter with 3 CU, and multiple bureaucrat & admins. Having the main
potential target of your investigation able to access your primary
communication channel used to discuss such investigation without audit
record is just not a good idea.
Of course it's all very well believing in the good work and ethics of
those currently with those type of rights. However it's a different
issue entirely to assume there will never be a bad apple. If that's your
attitude, then it have to follow that you believe the ombudsman
commission is superfluous.
KTC
--
Experience is a good school but the fees are high.
- Heinrich Heine