On Fri, Mar 24, 2017 at 02:34:42PM -0500, Jason L Tibbitts III wrote: > >>>>> "PC" == Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> writes: > > PC> So, does per-branch ACLs make sense to you? Have you had cases where > PC> you thought it was good/bad? More importantly, have you had cases > PC> where you would want to give someone access to just one branch and > PC> really really do *not* want them to have access to the other > PC> branches? > > To me it's more about information. Currently we can track who is > working on, say, EPEL6 separately from Fedora. Since packaging for EPEL > can be significantly different (though less so since EPEL5 is almost > gone) it helps to keep that separate. There are many cases where > maintainers for Fedora just don't want to be troubled with keeping track > of what's required to make EPEL (and especially old EPEL) work. > > This does matter for, say, bugzilla assignments, but I don't think > there's any real case where you'd want to prevent _in infrastructure_ > someone from poking at a specific branch. If simple communication and > the occasional git revert doesn't work then you have a much greater > problem anyway. > > So per-branch _enforcement_ of ACLs doesn't seem particularly important > to me, but I think it would still be useful to keep track somewhere. > And of course we have to tell bugzilla something. Thanks Tibbs, you put your two foot exactly where I didn't want to go: the other things pkgdb bring us :) So yes pkgdb isn't just a glorified gitolite admin interface, it has a few more features: - Keep trac of Point of Contact for the package, in Fedora and in the different EPEL - Keeps trac of who is added to the CC list of the bugs opened against the package on bugzilla - New package/branch workflow. My first idea for this is that we could just have a git repo storing something like a toml file or files containing these information. These files could then be made publicly accessible to anyone on our proxies and zodbot & other apps could just query them. Want to be CC'ed to a package? - Open a pull-request to add you Want a new branch? - Open a pull-request for it Want to orphan a package? - Open a pull-request making the PoC be: orphan Maybe this ought to be in the dist-git repo of the package itself, maybe another git repo elsewhere where rel-eng could process the requests. We could just use fedmsg to trigger the sync to bugzilla and we could also prevent people without a bugzilla account to be added to the CC list of a package. This is of course a first idea, there may be more and better ones. Pierre _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
