Jon Stanley wrote: > == Allow all packagers to commit to specific packages == > > This was briefly discussed, will be brought up for a vote next week. > FESCo is generally fine with the idea, however, some security measures > will need to be put in place prior to actual implementation > I updated the ticket with notes from teh meeting: https://fedorahosted.org/fesco/ticket/108#comment:9 One thing that was mentioned was the lack of fs acls at the moment. After looking at what we have now, I'm not sure that fs acls fix anything that's not also broken currently. Currently: * the cvs repository has no fs acls * unix group for all directories is set to packager with a sticky group bit. * the cvs acl script limits who can actually commit to packages to @provenpackager and the specific people involved. Implementation-wise, the proposal would allow the cvs acl script to have @packager as another allowed group so people who are just in the packager group can commit to a specific package. I can see fs acls being used to lock down our repo against bugs in the cvs acl script or being used to replace the cvs acl script. But that seems to be somewhat separate from the proposal. I don't think it would solve anything specific to the proposal but could make things more secure for both the current and proposed method. notting, do you see something that I don't? -Toshio
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list