On 04-09-2022 00:01, Adam Williamson wrote:
On Sat, 2022-09-03 at 13:04 -0700, Kevin Fenzi wrote:
On Sat, Sep 03, 2022 at 12:24:11PM -0700, Adam Williamson wrote:
So, I have a probably-controversial idea for a follow-up on this.
Even after this sweep, we have 141 proven packagers. That's a lot of
people who can build almost anything in Fedora.
It should be possible to check whether a provenpackager has built any
package they don't have direct commit rights to in the last X months.
Should we construct that search, run it, and propose removing
provenpackager status from folks who aren't using it, to cut down that
set?
That policy was setup before this one for packagers. ;)
https://docs.fedoraproject.org/en-US/fesco/Provenpackager_policy/
Look, I'm getting old, okay? ;)
As long as you can still discover such loopholes, it can't be that bad. ;)
But yeah, looking at that, one 'loophole' is it doesn't check if
they're actually needing *proven* packager powers - just packager
powers. If a proven packager is only building packages they have
explicit commit rights to, they may not need proven packager powers any
more?
So,
"members of the group who have not submitted a koji build in the last
six months"
should be changed to
"members of the group who have not submitted a koji build requiring
provenpackager permissions in the last six months"
Makes sense to me. Although, I'm not sure how much more work it is to
get this audited.
-- Sandro
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
