On Fri, Mar 24, 2017 at 02:34:42PM -0500, Jason L Tibbitts III wrote:
>>>>> "PC" == Pierre-Yves Chibon <pingou(a)pingoured.fr> writes:
PC> So, do per-branch ACLs make sense to you? Have you had cases where
PC> you thought it was good/bad? More importantly, have you had cases
PC> where you would want to give someone access to just one branch and
PC> really really do *not* want them to have access to the other
PC> branches?
To me it's more about information. Currently we can track who is
working on, say, EPEL6 separately from Fedora. Since packaging for EPEL
can be significantly different (though less so since EPEL5 is almost
gone) it helps to keep that separate. There are many cases where
maintainers for Fedora just don't want to be troubled with keeping track
of what's required to make EPEL (and especially old EPEL) work.
This does matter for, say, bugzilla assignments, but I don't think
there's any real case where you'd want to prevent _in infrastructure_
someone from poking at a specific branch. If simple communication and
the occasional git revert doesn't work then you have a much greater
problem anyway.
So per-branch _enforcement_ of ACLs doesn't seem particularly important
to me, but I think it would still be useful to keep track somewhere.
And of course we have to tell bugzilla something.
Thanks Tibbs, you put your two feet exactly where I didn't want to go: the other
things pkgdb brings us :)
So yes pkgdb isn't just a glorified gitolite admin interface, it has a few more
features:
- Keeps track of the Point of Contact for the package, in Fedora and in the different
EPEL
- Keeps track of who is added to the CC list of the bugs opened against the
package on bugzilla
- New package/branch workflow.
My first idea for this is that we could just have a git repo storing something
like a toml file or files containing this information.
These files could then be made publicly accessible to anyone on our proxies and
zodbot & other apps could just query them.
Want to be CC'ed to a package?
- Open a pull-request to add you
Want a new branch?
- Open a pull-request for it
Want to orphan a package?
- Open a pull-request making the PoC be: orphan
Maybe this ought to be in the dist-git repo of the package itself, maybe another
git repo elsewhere where rel-eng could process the requests.
We could just use fedmsg to trigger the sync to bugzilla and we could also
prevent people without a bugzilla account from being added to the CC list of a
package.
This is of course a first idea, there may be more and better ones.
Pierre