[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Unsponsored Comaintainers



Rahul and Jef Spaleta asked me about this recently so I decided to throw this out as a conversation starter. Please comment on this as Luke and I need some input from releng or FESCo about whether this is a goal we should be aiming for before we can implement it.

= Unsponsored Comaintainers =

Sometimes a contributor wants to get involved with a single Fedora package. This is often the case with upstream maintainers who are interested in seeing their software run well on Fedora but either lack the time to participate in or are disinterested in Fedora as a whole.

One way to enable this is to have current Fedora Packagers "mentor" the upstream maintainers. The Fedora Packager can be the owner of record for the package and make sure that it integrates with the rest of Fedora. The upstream maintainer would take the role of comaintainer for the package and help mainly with code-related bugs.

For this sort of work, it would be ideal if the comaintainer could commit to the package but not build or push. The package owner would then have the ability to check the changes that the upstream maintainer made to verify they followed the Fedora Packaging Guidelines and integrated with things going on in the rest of the distro.

At the moment we are constrained by the limitations of the tools we're working with (koji, packagedb, cvs repository, and bodhi). So here's a three phase approach to getting to the ideal:

== Phase 1 ==

Upstream maintainer and Fedora Package owner decide to collaborate. The Upstream maintainer signs the CLA. Someone from a group of sponsors willing to work on this as a pilot program sponsors them into cvsextras.

The comaintainer can now request commit acls on the package. This gives them access to commit to cvs, build in koji, and push via bodhi for this package. There is an understanding among the participants that the upstream maintainer should not work on packages for which they have not been granted commit access. The sponsor has to watch the commits list for changes made by the upstream maintainer that violate this policy.

This requires no changes to our tools but requires:
1) a pool of sponsors willing to work on this
2) commitment from unsponsored comaintainers to follow the rules and sponsors who are willing to police those comaintainers to make sure they're abiding by them.

== Phase 2 ==

In phase 2, we can remove the pool of sponsors. Instead we allow people without cvsextras to sign up to comaintain a package. If the primary package maintainer approves, the comaintainer is allowed to use any of the acls they are approved for. The package owner would still have to watch to make sure the comaintainer is not doing more than they are supposed to on that particular package.

This requires changes to the cvs repository so people not in cvsextras but explicitly in the acl are allowed to commit. This could be a bit tricky as we currently have two levels of security in the repository: 1) People must be in the acl to access resources of the repository, 2) they must be in cvsextras. We'll want something equivalent in the new setup.

== Phase 3 ==

In this stage, we make sure that acls prevent people from doing things they are not supposed to, freeing the package owner from some of the manual policing they had to do before. The PackageDB will have acls for pushing and building as well as committing. This will allow package owners to specify that a maintainer should only be allowed to commit or only allowed to commit and build.

The packagedb will need to allow changing of build and push acls. [easy]
Bodhi will need to operate on the push acls instead of the commit acls. [easy]
koji will need to support restricting builds.

-Toshio


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]