PLEASE READ: provenpackager reseed

Patrice Dumas pertusus at free.fr
Tue Mar 10 22:02:34 UTC 2009 

On Tue, Mar 10, 2009 at 01:13:48PM -0400, Josh Boyer wrote:
> >
> >So, what I am more or less proposing is that people in these groups
> >first try to become provenpackager and then can be in the cvsadmin group
> >based on another process. This would certainly add more transparency,
> >and allow to know who wants to do QA and help with security and
> >releng. Of course there are other processes, because access in cvs is
> >only part of the privileges needed by people in, say, releng, but
> >access in cvs is one of the required access.
> 
> That sounds somewhat reasonable.

I am not sure, in fact. I think that the infras policies are better.
It is in fact quite reasonable that I know nothing about this group, 
that it is not documented in the packagers part, it is for infras.
 
> >It doesn't necessarily mean that people in these groups have to 
> >be packagers, but that they follow roughly the same trust system
> >and go through the same gates when it makes sense, as is the case for 
> >the cvs access.
> 
> My only issue with your proposal is that it seems to imply people have
> magically been granted access to cvsadmin just because they are in a
> particular group.  I haven't seen that to be the case at all.

In fact I am not implying much. I thought that I missed a packager
group, but in fact it is not the case.

> There are only 15 people in the cvsadmin group, and each one of them
> has been added because they actually do cvsadmin work (as in the
> CVSAdmin requests for packages).

Ok. So this is very different from what I had in mind. It is more
an infra issue, not necessarily relevant to go through provenpackager.
But it is also clearly not the kind of group I was referring to. 
This is a good group for established infras people and packagers, but 
not for people interested in helping releng, but not already in the 
inner circles. People in that case should also go through the 
infra/releng procedures, sure, but also going through provenpackager
to be able to do some releng stuff without being in the inner releng
circle is what I had in mind.

> There is nobody from the QA team or Security teams in cvsadmin that
> I can tell.

So where are they, and isn't provenpackager a good place for most of
them, and maybe even higher for some (in the security group for closed
ACLs)?

--
Pat

More information about the devel mailing list