On Thu, Feb 6, 2020 at 4:14 PM Till Maas <opensource@xxxxxxxxx> wrote: > > On Tue, Jan 21, 2020 at 04:34:37PM +0000, Leigh Griffin wrote: > > > On behalf of the CPE team I want to draw the communities attention to a > > recent blog post which you may be impacted by: > > https://communityblog.fedoraproject.org/git-forge-requirements/ > > > > We will be seeking input and requirements in an open and transparent manner > > on the future of a git forge solution which will be run by the CPE team on > > Aleksandra's comment made me aware that for dist-git, we do not really > need a git forge, it is just that the pagure git forge was used to > implement a lot of workflows that pkgdb provided in the past. > > I tried to write the requirements as user stories to make them easier to > understand. What do you think? I think this is the most productive message on this thread so far. Thanks! josh > - As a package maintainer, I can only commit to a dist-git repo, if I am > in the Fedora packager group. > - As a package maintainer, I can only commit to a dist-git repo, if I am > a maintainer of the branch. > - As a proven packager, I can commit to all dist-git repos that do not > have special restrictions set by FESCo or are retired. > - As a FESCO member, I can configure exceptions to disallow proven > packager access to a dist-git repo. > - As dist-git repo admin, I can easily add other maintainers to allow > commit or admin access for dist-git repo by using their FAS username > - As a dist-git repo admin, I cannot remove access to the repo from > Fedora infra, Releng or proven packagers without FESCo approval. > - As a package maintainer, I can easily orphan a dist-git repo or branch > to show that it is not maintained anymore. > - As a package maintainer, I can adopt any orphaned dist-git repo or > branch. > - As a package maintainer, I can easily unretire a retired dist-git repo > or branch. > - As a release engineer, I can easily approve unretire requests for a > dist-git repo or branch. > - As anybody, I can easily see the FAS usernames of maintainers for all > branches of a dist-git repo. > - As a non-releng member, I cannot remove any commits from any dist-git > repo that were used to build a Fedora package. > - As an external user, I can easily get a list of all orphaned or > retired dist-git repos and branches. > - As anybody, I can watch for issues (bugzillas) or PRs that are created > for a dist-git repository. > - As anybody, I can easily get a list of all dist-git repos that I am > watching. > - As anybody, I can easily get a list of all dist-git repos that a > specific Fedora account has admin/commit access to. > - As anybody, when looking at the dist-git repo it is clearly visible > which branches are still maintained. > - As anybody, when I look for a specific branch, EOL branches do not > clutter my view. > - As a package maintainer, I can easily request commit/admin access for > a specific branch or dist-git repo. > > Also since dist-git is a critical part of our infrastructure, there > should probably also be some security-related requirements such as: > > - As Fedora infra, I can easily audit that no git repo was accessed > without authorization. > - As Fedora infra/security response team, I have access to secure logs > to analyse the impact of unauthorized access to all dist-git repos. > - As anybody, the dist-git web page of a repo points me to Bugzilla to > report issues for a repository. > > I did not manage to read all other replies, so there might be some > duplicates but it also seems to me that many of these items were not > mentioned. > > Kind regards > Till > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
