On Sun, Jun 20, 2021 at 7:19 PM Zbigniew Jędrzejewski-Szmek
<zbyszek(a)in.waw.pl> wrote:
On Sun, Jun 20, 2021 at 08:37:03AM -0500, Michael Catanzaro wrote:
> On Sun, Jun 20 2021 at 07:29:16 AM -0400, Neal Gompa
> <ngompa13(a)gmail.com> wrote:
> >Most of our rules are designed to make sure there's someone ultimately
> >responsible for everything going into Fedora. Unfortunately, bots are
> >the opposite of that, because there's no one to reach to stop bad
> >behavior when it happens.
> Hm, this seems pretty simple to solve though, right? Allow bots to
> submit updates on behalf of packagers, but not with their own bot
> FAS accounts.
Let's not throw out the baby with the bath water.
A human *is* responsible and known. When a bot account is given
permission, we make sure that there's a known human behind the account.
Things are no different in this particular case, see the original ticket [1].
Actually, if the bot were using their human's account, things would be *less*
transparent. By using a separate account, we are making it clear that
this update stream is made by this particular bot (as opposed to e.g.
some human occasionally using a script to release some updates).
[1] https://pagure.io/fesco/issue/2228
I wish our new FAS implementation gave us the ability to generate
delegate/service accounts associated with a primary account. That way,
we have a clear record of a human owning it, and when that human's
account is known to no longer be active, the bot breaks with it.
> This would be like how GNOME package updates currently
> work, where a bot does the hard work but a human is ultimately
> responsible (and subscribed to each bodhi update, so feedback will
> at least not be completely missed).
The line can be a bit hazy, but I'd say that if:
- a human is just using a script or even some program to fire off
the update — this particular person's account must be used.
- some bot prepares the update, but a human still needs to make the final
step and may or may not publish the update: probably better to do it
using this person's account.
- the bot is set up once and then keeps releasing updates until stopped,
and may be managed by multiple people — a separate bot account is preferable.
The problem is that this whole thing works off the premise that
Rawhide is a dumping ground. It is not. It also works off the premise
that nobody cares about the stuff being pushed into Dist-Git, Koji,
and to users. And frankly, that has not been true for a *very* long
time, if it ever was.
--
真実はいつも一つ!/ Always, there's only one truth!