mizdebsk added a new comment to an issue you are following:
``
As [agreed on the last
meeting](https://meetbot.fedoraproject.org/teams/releng/releng.2019-02-20... I
have implemented PoC of Koji hub policy that gives users with "pkglist"
permission limited ability to manipulate package lists for certain Koji tags. The policy
is deployed in staging Koji. Its configuration can be seen in [Koji hub configuration file
in ansible
repository](https://infrastructure.fedoraproject.org/cgit/ansible.git/tre....
No code changes to Koji are needed - configuration change is sufficient.
In current configuration:
- Removing packages is disallowed for all tags, as I think it is not desired in most cases
- generally packages should be blocked instead of removing them. Users with admin
permission can still remove packages by overriding this policy, eg. by adding `--force`
argument to `koji remove-pkg` CLI call.
- Users with "pkglist" permission are allowed to:
- in Fedora rawhide: add, unblock and block packages,
- in Fedora branched before final freeze: add, unblock and block packages,
- in Fedora branched during final freeze: add and unblock packages,
- in current F-n and previous F-(n-1) Fedora releases: add and unblock packages,
- in F-(n-2): nothing (I don't think it's wise to change package lists one
month before EOL).
- Users with "infra" permission are allowed to add, unblock and block pacakges
in infra tags. This is not related to this ticket, but I wanted to show that the policy is
able to express that, and I also think it may be a good idea to do.
- In all cases not listed above, users are denied to make changes to package lists for
tags.
``
To reply, visit the link below or just reply to this email
https://pagure.io/releng/issue/8142