On Sun, Jun 20, 2021 at 08:37:03AM -0500, Michael Catanzaro wrote: > On Sun, Jun 20 2021 at 07:29:16 AM -0400, Neal Gompa > <ngompa13@xxxxxxxxx> wrote: > >Most of our rules are designed to make sure there's someone ultimately > >responsible for everything going into Fedora. Unfortunately, bots are > >the opposite of that, because there's no one to reach to stop bad > >behavior when it happens. > Hm, this seems pretty simple to solve though, right? Allow bots to > submit updates on behalf of packagers, but not with their own bot > FAS accounts. Let's not throw out the baby with the bath water. A human *is* responsible and known. When a bot account is given permission, we make sure that there's a known human behind the account. Things are no other in this particular case, see the original ticket [1]. Actually, if the bot were using their human's account, things would be *less* transparent. By using a separate account, we are making it clear that this update stream is made by this particular bot (as opposed to e.g. some human occasionally using a script to release some updates). [1] https://pagure.io/fesco/issue/2228 > This would be like how GNOME package updates currently > work, where a bot does the hard work but a human is ultimately > responsible (and subscribed to each bodhi update, so feedback will > at least not be completely missed). The line can be a big hazy, but I'd say that if: - a human is just using a script or even a some program to fire off the update — this particular person's account must be used. - some bot prepares the update, but a human still need to make the final step and may or may not publish the update: probably better to do it using this person's account. - the bot is set up once and then keeps releasing updating until stopped, and may be managed by multiple people — a separate bot account is preferable. Zbyszek _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
