On Thu, Feb 20, 2025 at 01:17:02PM +0100, Miro Hrončok wrote: > Hello. > > With the recent discussions about provenpackagers in Fedora, I recently got > an idea. > > One of the common needs for provenpackagers is to simply "bump and rebuild" > a set of dependencies. I guess this "common need" is an example that be grouped under the heading of "packagers should be considered as custodians" (or "guardians"), instead of "owners". It was described in the thread[1] that you allude to. > All packagers are already able to build anything (except a very specific and > small set of specially-signed packages). However, to bump the package, they > need commit rights. For that reason, provenpackager rights are often > required. > > With the wide adoption of %autorelease, such bump commits are empty, which > should be easy to verify. > > What if we allowed all packagers to push empty commit to any package? That > should eliminate *some* need for provenpackager access. We would also > communicate in our policies that such bumps do not require prior agreement > with the maintainers to avoid confusion about "what are we allowed to do". FWIW, sounds reasonable to me, assuming it's limited to Rawhide only for now. If that works well, then probably it can be extended to stable branches, based on the feedback from more active packagers. (I don't pretend to understand all the implications here :)) [1] https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/URVJB22ITA7RPCMVOUBTQ6SB5D6JI4JX/ -- /kashyap -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
