Thanks patrick for the response. I'm going to cut/snip individual pieces to respond to some more specific questions/comments and then try to summarize at the end. > I already asked three months ago for SOP's on how the ostree stuff works, and learning materials for releng, but have so far not seen those (https://pagure.io/releng/issue/6984#comment-460533 and some meetings). > I might have missed them, but if you have those resources, other releng folks can help with more things, which would massively speed things up. I wholeheartedly agree and I plan on getting those SOPs written. I'd actually like to do a workshop (maybe at the next hackfest) for everyone. > The permissions you would need to do the things you requests *do* allow you to do "willy nilly" what you want. What I was trying to say is that I'm not planning to abuse the power. If I abuse power then revoke access. I'm really not the type of person that makes changes without asking people. I would probably make a lot of noise before doing something without waiting for input from others and I would only do it if I thought it was critical. > E.g. access to modify ostree repos manually require full write access to /mnt/koji and /pub. > I have tried to point out the specific pieces of access I would be fine with, but personally I am really not happy with the large set of permissions requested, and a set of them I would really be uncomfortable with. > One of the reasons for that feeling from me is the number of things we have needed to do ad-hoc to ostree repositories, like resetting refs etc, because the version numbers got out of step due to ostree bugs. I agree that there have been some issues with ostree, but I think there have been a fair number of issues from the releng/infra side that have caused ostrees to get out of sync as well. Fortunately when we switch to smart versioning this will matter less and we can deal with ostree bugs or releng/ infra transient issues with more grace. So in summary from your response I gather I am requesting: - Releng group on Pagure - Running specific playbooks - admin in koji - root on compose boxes - root on bodhi-backend01 - sysadmin-fedimg - sysadmin-releng - Access to all signing keys I'll actually remove two items from that list: - Access to all signing keys - admin in koji I really don't want access to signing keys; I understand why that needs to be locked down as much as possible. Also, I don't really think I need admin in koji assuming root on compose box will allow me to kick off things I need to. For the rest I really don't see why it's not OK. Basically it comes down to two issues I can see (let me know if there are others): - trust - competence If I can't be trusted by now then that is unsettling and discouraging to me. As for competence, I guess that depends on who you ask, but I'd like to think I would pass that bar as well. Dusty _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx
