Dne 16. 03. 21 v 18:22 Mattia Verga via devel napsal(a):
Il 16/03/21 17:50, Fabio Valentini ha scritto:Hi everybody, I've realized that there's a big mismatch between the permissions that are necessary and the immediate impact for orphaning and retiring a package: orphan: - is reversible by single button press by anybody in "packager" group - has no immediate effect / effect only after 6 weeks of inaction - but: can only be done only by "main admin" / "owner" of package retire: - is irreversible without filing a releng ticket and manual human intervention - has "immediate" effect (seconds to minutes for koji, < 1 day for repos) for the package and all its dependencies - but: can be done by all packagers with package access ("commit", "admin", "main admin" access levels) and all provenpackagers Shouldn't the action with *more severe and immediate impact* be the one which requires a higher level of permissions on a package? For example, I was thinking about dropping some Rust SIG packages that are no longer needed by the SIG (or in Fedora).
I think the problem is that the groups can be removed from package only by the main admin. If the main admin is non-responsive, then the whole group is kind of hostage. Every group member should be able to remove the group from the package IMHO. But this can be solved via tickets.
Vít
Maybe I would rather like to orphan them so any packager who is interested in them can pick them up within 6 weeks without any bureaucratic hoops to jump through. But since I am not "main admin" of those packages, I can only retire them *immediately*, which seems backwards to me. So ... should we make retirement of packages harder, or should we make it easier to orphan a package (e.g. by making it possible for co-maintainers to orphan a package)? Right now, there's a big mismatch between permission level and impact of possible actions. Fabio"Orphan" is the action by which the main admin release the package so that someone else can take their place, so it does make sense to me that the only one that can orphan a package is the main admin itself. I do not see why any other committer or admin should be able to "kick off" the main admin. Unless the main admin is unresponsive, but there's a procedure for that case. "Retire" is a drastic procedure that has high impact (and should/must be used only on Rawhide branch). It does make sense that any committer can retire a package, for example following a package rename or split. So, in your case, if there are some Rust packages which aren't useful anymore to Rust SIG, I don't see why you should be able to orphan them if the main admin is someone else that, maybe, has still interest in maintaining them. Mattia _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
