On Wed, Sep 23, 2020 at 05:02:07PM +0000, Mattia Verga via devel wrote: > Il 23/09/20 18:23, Kevin Fenzi ha scritto: > > On Wed, Sep 23, 2020 at 02:02:21PM +0000, Zbigniew Jędrzejewski-Szmek wrote: > >> On Wed, Sep 23, 2020 at 12:05:38PM -0000, Michael J Gruber wrote: > >>> Hi there > >>> > >>> I have a side-tag into which several maintainers have built their packages successfully so that I can push a coordinated update. > >>> > >>> Now, when I try to submit that update, bodhi cli gives an unqualified auth error, and bodhi web tells me I need commit access for 2 of the 5 packages (I have commit access for the other 3). Does it really make sense that I need full commit access for a package in order to simply submit a package update when that packages maintainer built into my side-tag for that sole purpose? > >>> > >>> If that is bodhi's intended behaviour I'll ask for commit access, of course, promising to use it for that specific purpose only. > > I don't know that it's "intended behavior" so much as just how it's > > implemented currently. > > > > I think it would make sense to get bodhi to allow you (as sidetag owner) > > to submit an update with builds you didn't do/own. It seems like extra > > overhead to force you to be a provenpackager or get commit on all those > > packages just to do this. > > > > Can you file a RFE on it? > > https://github.com/fedora-infra/bodhi/issues > > > > or if you like I can do so... > > > >> Would it be possible to always allow the person who *created* the side-tag > >> to do all operations with builds from that side-tag? > > I think so... this is just a bodhi permissions thing. koji already > > allows you to do any operations in the side-tag. > > > Just a question here: let's say I create a side-tag, then someone other > builds their package and tags it in my side-tag. That's a clear willing Well, do you mean: 1. They build their package normally, and then koji tag-pkg it into the side tag? I think koji will deny that because you aren't the sidetag owner. or 2. They build against the side tag, and koji itself tags their build into that tag since it's the target of the sidetag build. That works fine, koji does that. 1 could cause problems if they build against other packages and then try and add their build into the side tag (that has a different buildroot). > of the package owner to get their build released in a side-tag update > created by me. So it would perfectly fine that Bodhi let me release an > update for a package I don't own. Yeah, for case 2 above. > Now, my only doubt is: can a user build any package in a side-tag they > own? If so, we could have a problem. Anyone can build anything, but constrained by: * It cannot have been built before. ie, it must be a different N-V-R from a existing successfull build. * It has to build against src.fedoraproject.org git repos. There must be a commit it's building against. * Some packages will build, but then refuse to be tagged because of permissions (grub2/shim,etc) What problem are you thinking of? kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
