On Sun, 2022-09-04 at 00:05 +0000, Gary Buhrmaster wrote: > > > But yeah, looking at that, one 'loophole' is it doesn't check if > > they're actually needing *proven* packager powers - just packager > > powers. If a proven packager is only building packages they have > > explicit commit rights to, they may not need proven packager powers any > > more? > > True enough, although I think if someone is > actually active, and building multiple packages > (even if they have gotten explicit commit rights > (either before or after getting PP powers)), that > we would probably need quite an extended time > frame (2+ years) to determine with some > confidence (to avoid undue annoyance emails) > that they no longer appear to need that group > membership. It would certainly be interesting > to run a test to determine if any PP would fall > into that category (and not the larger one of no > builds at all) but I suspect that there would be > a large number. btw, it would seem that a way > for a PP to avoid the annoyance emails under > your loophole closing would be to drop explicit > commit rights and use PP privs on some > package (the loophole bypass loophole defense?) Gadzooks, foiled by the old loophole bypass loophole defense again?! No, seriously, I'm kinda assuming 'positive intent' here. It's not meant to catch someone trying to 'avoid' the check. More maybe just someone who got PP powers years ago but now just maintains one or two packages, but never thought about giving them up. Maybe if there are folks like that they'd be happy to drop the privileges so if they do lose their laptop or something, the consequences are more limited. -- Adam Williamson Fedora QA IRC: adamw | Twitter: adamw_ha https://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
