Il 16/03/21 17:50, Fabio Valentini ha scritto:
> Hi everybody,
>
> I've realized that there's a big mismatch between the permissions that
> are necessary and the immediate impact for orphaning and retiring a
> package:
>
> orphan:
> - is reversible by single button press by anybody in "packager" group
> - has no immediate effect / effect only after 6 weeks of inaction
> - but: can only be done only by "main admin" / "owner" of package
>
> retire:
> - is irreversible without filing a releng ticket and manual human intervention
> - has "immediate" effect (seconds to minutes for koji, < 1 day for
> repos) for the package and all its dependencies
> - but: can be done by all packagers with package access ("commit",
> "admin", "main admin" access levels) and all provenpackagers
>
> Shouldn't the action with *more severe and immediate impact* be the
> one which requires a higher level of permissions on a package?
>
> For example, I was thinking about dropping some Rust SIG packages that
> are no longer needed by the SIG (or in Fedora). Maybe I would rather
> like to orphan them so any packager who is interested in them can pick
> them up within 6 weeks without any bureaucratic hoops to jump through.
> But since I am not "main admin" of those packages, I can only retire
> them *immediately*, which seems backwards to me.
>
> So ... should we make retirement of packages harder, or should we make
> it easier to orphan a package (e.g. by making it possible for
> co-maintainers to orphan a package)? Right now, there's a big mismatch
> between permission level and impact of possible actions.
>
> Fabio
"Orphan" is the action by which the main admin release the package so
that someone else can take their place, so it does make sense to me that
the only one that can orphan a package is the main admin itself.
I do not see why any other committer or admin should be able to "kick
off" the main admin. Unless the main admin is unresponsive, but there's
a procedure for that case.
"Retire" is a drastic procedure that has high impact (and should/must be
used only on Rawhide branch). It does make sense that any committer can
retire a package, for example following a package rename or split.
So, in your case, if there are some Rust packages which aren't useful
anymore to Rust SIG, I don't see why you should be able to orphan them
if the main admin is someone else that, maybe, has still interest in
maintaining them.
Mattia
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
