Il 20/02/25 13:17, Miro Hrončok ha scritto: > Hello. > > With the recent discussions about provenpackagers in Fedora, I recently got an > idea. > > One of the common needs for provenpackagers is to simply "bump and rebuild" a > set of dependencies. > > All packagers are already able to build anything (except a very specific and > small set of specially-signed packages). However, to bump the package, they > need commit rights. For that reason, provenpackager rights are often required. > > With the wide adoption of %autorelease, such bump commits are empty, which > should be easy to verify. > > What if we allowed all packagers to push empty commit to any package? That > should eliminate *some* need for provenpackager access. We would also > communicate in our policies that such bumps do not require prior agreement with > the maintainers to avoid confusion about "what are we allowed to do". > Well, I think it's a bit more complex: we would need to be sure the empty commit rebuild is really "empty". Example: the package maintainer applies changes to the spec file, but doesn't build the package because they're still tweaking it (or just because they're building it in a side tag with other pieces). Now any packager can jump in, trigger an empty commit and build the package. I know that the same problem may happen with provenpackagers, but, ideally, provenpackagers are usually considered more "responsible"... Mattia -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
