On Tue, Mar 10, 2009 at 05:55:47PM +0100, Patrice Dumas wrote: >On Tue, Mar 10, 2009 at 12:42:10PM -0400, Josh Boyer wrote: >> >> None of those groups are CVS ACL groups from what I remember. >> >> The members of some of those groups have cvsadmin, which is higher than >> provenpackager. Being a part of those groups does not immediately grant >> you cvsadmin priviledges though. > >So, what I am more or less proposing is that people in these groups >first try to become provenpackager and then can be in the cvsadmin group >based on another process. This would certainly add more transparency, >and allow to know who wants to do QA and help with security and >releng. Of course there are other processes, because access in cvs is >only part of the privileges needed by people in, say, releng, but >access in cvs is one of the required access. That sounds somewhat reasonable. >It doesn't necessarily mean that people in these groups have to >be packagers, but that they follow roughly the same trust system >and go through the same gates when it makes sense, as is the case for >the cvs access. My only issue with your proposal is that it seems to imply people have magically been granted access to cvsadmin just because they are in a particular group. I haven't seen that to be the case at all. There are only 15 people in the cvsadmin group, and each one of them has been added because they actually do cvsadmin work (as in the CVSAdmin requests for packages). There is nobody from the QA team or Security teams in cvsadmin that I can tell. josh -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list