Re: bodhi: permission for updates from side-tags with packages from several maintainers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Il 23/09/20 18:23, Kevin Fenzi ha scritto:
> On Wed, Sep 23, 2020 at 02:02:21PM +0000, Zbigniew Jędrzejewski-Szmek wrote:
>> On Wed, Sep 23, 2020 at 12:05:38PM -0000, Michael J Gruber wrote:
>>> Hi there
>>>
>>> I have a side-tag into which several maintainers have built their packages successfully so that I can push a coordinated update.
>>>
>>> Now, when I try to submit that update, bodhi cli gives an unqualified auth error, and bodhi web tells me I need commit access for 2 of the 5 packages (I have commit access for the other 3). Does it really make sense that I need full commit access for a package in order to simply submit a package update when that packages maintainer built into my side-tag for that sole purpose?
>>>
>>> If that is bodhi's intended behaviour I'll ask for commit access, of course, promising to use it for that specific purpose only.
> I don't know that it's "intended behavior" so much as just how it's
> implemented currently.
>
> I think it would make sense to get bodhi to allow you (as sidetag owner)
> to submit an update with builds you didn't do/own. It seems like extra
> overhead to force you to be a provenpackager or get commit on all those
> packages just to do this.
>
> Can you file a RFE on it?
> https://github.com/fedora-infra/bodhi/issues
>
> or if you like I can do so...
>
>> Would it be possible to always allow the person who *created* the side-tag
>> to do all operations with builds from that side-tag?
> I think so... this is just a bodhi permissions thing. koji already
> allows you to do any operations in the side-tag.
>
Just a question here: let's say I create a side-tag, then someone other 
builds their package and tags it in my side-tag. That's a clear willing 
of the package owner to get their build released in a side-tag update 
created by me. So it would perfectly fine that Bodhi let me release an 
update for a package I don't own.

Now, my only doubt is: can a user build any package in a side-tag they 
own? If so, we could have a problem.

Mattia

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux