On Fri, Oct 05, 2007 at 01:49:05PM -0700, Toshio Kuratomi wrote:
Luke Macken wrote:
> On Fri, Oct 05, 2007 at 01:38:19PM -0400, Todd Zullinger wrote:
>> I built an updated vorbis-tools package to fix bz#244757[1] but bodhi
>> won't let me push the update for F7. When I select Add Update, I get
>> an error that states:
>>
>> tmz does not have commit access to vorbis-tools
>>
>> This is partly true. Though the package is open to cvsextras, which
>> is how I had acccess to commit the changes. What's the best way to
>> solve this? Do I need to nag one of the primary maintainers of
>> vorbis-tools to do the actual push in bodhi (or request more
>> privileges from the pkgdb)?
>>
>> Would it be reasonable to allow members of cvsextras to push an update
>> to -testing if the package is open to cvs commits from cvsextras?
>> That'd facilitate someone coming along and helping fix low-hanging
>> fruit bugs like this -- freeing up the maintainers to work on the
>> harder and more pressing bugs.
>>
>> Pushing to -testing would provide some warning to the primary
>> maintainers if someone were to try and push an update they thought
>> shouldn't be pushed. Then they could unpush it to prevent it from
>> getting into the stable updates.
>>
>> (I'm not sure what the best balance is here, I can see reasons for
>> allowing or for denying such access in bodhi.)
> Right now bodhi only looks at the individuals with commit access from
> the pkgdb. It should definitely also check the ACL, and in the case
> of vorbis-tools, allow you to push updates for it.
> Toshio is throwing together a patch for bodhi now.
Here's a patch for considering group-acls as part of authentication check.
Applied, thanks!
luke