On 11/30/2017 04:04 PM, Kevin Fenzi wrote: > On 11/29/2017 11:41 AM, Matthew Miller wrote: >> On Wed, Nov 29, 2017 at 02:35:13PM -0500, Dusty Mabe wrote: >>> ask for root access. Patrick explained to me that "you're asking for root >>> access", so yes then I said: "sure I guess i'm asking for root access". >>> You voiced concern. To curb that I suggested sudo rules for those things >>> I asked for in the original email. >> >> Some of the things (like restarting composes) will hopefully be solved >> in the F28 timeline by the releng automation stuff we've asked to be >> prioritized. > > Right. > > So, this is a long thread already, but I haven't chimed in yet, so I > guess I will here. Hey Kevin. Thanks for the response! > > I agree with Patrick for the most part, but it might be good to try and > see if we automate away or make somehow easier some of these pain points > rather than just adding another person to work on them. I'm a fan of solving the problem. I'm not tied to any particular solution :) IOW: me requiring root is not necessary if we can solve the problems other ways. > > I agree sudo rules could restrict things, but sometimes figuring out > those rules is not at all easy, and if you can do that, you often can > script things. Sure. There might be a theoretical way for me to break out of the sudo rules we put in place, but if it was found that I did that it would be a good enough reason for my access to be revoked. We also should consider that these sudo rules shouldn't need to be hardened to the point where we are allowing anyone to run them and thus need to prevent nefarious activity; we are talking about one person, who has a vested interest in not hosing Fedora. > > How about we grant those parts of this that were fine with Patrick (and > myself) and then see if we can more closely figure out how to fix the > rest of them or decide they can't be easily fixed and see what we can > do. Perhaps a meeting with Dusty and other folks involved sometime to > discuss them one at a time? (Although I am not sure when that would best > be... I guess in the new year). I agree. A session where we can brainstorm on this would be awesome. Any time works for me, but would prefer something within the next 6 weeks. Dusty _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx