
Future owners/ACL choices



Hey all,

The packagedb[1]_ is progressing quite nicely.  To the point where we should
be able to replace owners.list and acls with it in the not too distant
future.  But in talking about what remains to be done, Bill Nottingham
and I came to a disagreement about what the policy surrounding ownership
needs to be.

In the pre-ACL cvs tree, anyone could edit owners.list and the cvs
files.  When ACLs were enabled on the cvs tree[2]_, existence of a special
pkg.acl file was used to lock down individual packages.  At the same
time, owners.list was locked down to prevent package maintainers from
adding themselves as owners on other packages and circumventing the
ACLs.  Any changes to the file, orphaning or taking packages, adding new
packages, adding comaintainers, etc, now have to go through a cvs
administrator in order to be approved.

With the packagedb we have more flexibility in what we allow owners to
do, what we need admins to do, and what anyone can do.  But there's a
disagreement as to how much access is prudent.

Here are the functions that can change with the packagedb:

* Take ownership
* Release ownership
* Ability to control commit access (CVS ACLs)
* Ability to control who can modify packagedb ACLs
* Watch bugzilla (notified about bugs opened on this package)
* Watch commits (notified about commits to the package)

These two are available in the db but probably won't be implemented in
the interface for F7:

* Checkout -- Necessary for embargoed packages/package branches but we
don't have any.
* Build -- Requires interaction with the build system so it probably
will wait for F8

notting and I are in agreement that Commit, packagedb ACLs, and
notifications will be requested by user and approved by package owner
(I'm thinking of auto-approving watchbugzilla and watchcommits but I
hadn't mentioned that before.)  We disagree about ownership.  I think we
should allow members of cvsextras to take and release ownership at will.
notting would rather see requests get queued (at least, requests to take
ownership) and a cvs admin will approve it.  Here's a summary of
arguments:

  = At Will =                       = Queued =

Closer to the pre-acl state      Closer to what we have presently

More convenient for packagers    Less ability for a rogue packager
                                 to build a bunch of orphaned packages
                                 with malicious intent.

Easier for packagers to make     Do we actually want this?
small fixes to orphaned
packages.

There's no need to force admins  A package is reviewed and imported for
to look at every request as we   a specific owner.  A new owner should
already trust the packager to    be reviewed to make sure they're
do the right thing.              trusted for this package.

FESCo will have to make a decision on this matter but we need more input
on what the right course of action is.

Your thoughts are appreciated so I can continue hacking,
-Toshio

[1]_: https://admin.fedoraproject.org/pkgdb
[2]_: FESCo minutes for the meeting at which the lock down of owners.list
was announced.  This discussion is in the last section of the logs.
http://www.fedoraproject.org/wiki/Extras/SteeringCommittee/Meeting-20070125
