On Thu, Feb 6, 2020 at 4:14 PM Till Maas <opensource(a)till.name> wrote:
> On Tue, Jan 21, 2020 at 04:34:37PM +0000, Leigh Griffin wrote:
> > On behalf of the CPE team I want to draw the community's attention to a
> > recent blog post which you may be impacted by:
> >
> > https://communityblog.fedoraproject.org/git-forge-requirements/
> >
> > We will be seeking input and requirements in an open and transparent manner
> > on the future of a git forge solution which will be run by the CPE team on
>
> Aleksandra's comment made me aware that for dist-git, we do not really
> need a git forge, it is just that the pagure git forge was used to
> implement a lot of workflows that pkgdb provided in the past.
> I tried to write the requirements as user stories to make them easier to
> understand. What do you think?

I think this is the most productive message on this thread so far. Thanks!

josh

> - As a package maintainer, I can only commit to a dist-git repo, if I am
> in the Fedora packager group.
> - As a package maintainer, I can only commit to a dist-git repo, if I am
> a maintainer of the branch.
> - As a proven packager, I can commit to all dist-git repos that do not
> have special restrictions set by FESCo or are retired.
> - As a FESCO member, I can configure exceptions to disallow proven
> packager access to a dist-git repo.
> - As dist-git repo admin, I can easily add other maintainers to allow
> commit or admin access for dist-git repo by using their FAS username
> - As a dist-git repo admin, I cannot remove access to the repo from
> Fedora infra, Releng or proven packagers without FESCo approval.
> - As a package maintainer, I can easily orphan a dist-git repo or branch
> to show that it is not maintained anymore.
> - As a package maintainer, I can adopt any orphaned dist-git repo or
> branch.
> - As a package maintainer, I can easily unretire a retired dist-git repo
> or branch.
> - As a release engineer, I can easily approve unretire requests for a
> dist-git repo or branch.
> - As anybody, I can easily see the FAS usernames of maintainers for all
> branches of a dist-git repo.
> - As a non-releng member, I cannot remove any commits from any dist-git
> repo that were used to build a Fedora package.
> - As an external user, I can easily get a list of all orphaned or
> retired dist-git repos and branches.
> - As anybody, I can watch for issues (bugzillas) or PRs that are created
> for a dist-git repository.
> - As anybody, I can easily get a list of all dist-git repos that I am
> watching.
> - As anybody, I can easily get a list of all dist-git repos that a
> specific Fedora account has admin/commit access to.
> - As anybody, when looking at the dist-git repo it is clearly visible
> which branches are still maintained.
> - As anybody, when I look for a specific branch, EOL branches do not
> clutter my view.
> - As a package maintainer, I can easily request commit/admin access for
> a specific branch or dist-git repo.
>
> Also since dist-git is a critical part of our infrastructure, there
> should probably also be some security-related requirements such as:
>
> - As Fedora infra, I can easily audit that no git repo was accessed
> without authorization.
> - As Fedora infra/security response team, I have access to secure logs
> to analyse the impact of unauthorized access to all dist-git repos.
> - As anybody, the dist-git web page of a repo points me to Bugzilla to
> report issues for a repository.
>
> I did not manage to read all other replies, so there might be some
> duplicates but it also seems to me that many of these items were not
> mentioned.
>
> Kind regards
> Till