Re: Changing the ACL policy for alioth projects (Was: Unable to push debian-jr changes)

To: debian-devel@lists.debian.org
Subject: Re: Changing the ACL policy for alioth projects (Was: Unable to push debian-jr changes)
From: Andreas Tille <andreas@an3as.eu>
Date: Tue, 31 Mar 2015 15:17:17 +0200
Message-id: <[🔎] 20150331131717.GA16161@an3as.eu>
In-reply-to: <[🔎] 20150331080736.17afe494@sylvester.codehelp>
References: <20150329204354.GD23983@an3as.eu> <CABYrXSSFbn+E4LJjOqaogX23fX8DxRE_ewxKe_CFdyqROtHBkA@mail.gmail.com> <[🔎] 20150331063034.GA5420@an3as.eu> <[🔎] 20150331080736.17afe494@sylvester.codehelp>

On Tue, Mar 31, 2015 at 08:07:36AM +0100, Neil Williams wrote:
> On Tue, 31 Mar 2015 08:30:34 +0200
> Andreas Tille <andreas@an3as.eu> wrote:
> 
> > Hi,
> > 
> > since I have cared for ACLs set on all projects I have admin
> > permissions I always (obviously wrongly - see[1]) assume that people
> > do so as well in their projects.  I experienced the same issue
> > yesterday in pkg-openstack: The fact that there is a way to grant
> > commit permissions to any DD to VCSs on alioth is widely unknown even
> > if it is mentioned in the Alioth FAQ[2].
> > 
> > I hereby like to propose that the default on Alioth will be that ACLs
> > are set to grant write permissions for DDs *by default* and project
> 
> Isn't that exactly why we have collab-maint?

To my understanding not.

> If a repository is not
> part of collab-maint, that is because only the relevant team should
> have write permissions on that repo.

That means you question the sense of ACLs for DDs in general?

> > admins need to ask admins to revert this if they have good reasons to
> > prevent any DD from writing to their VCS.
> > 
> > Any opinions?
> 
> I don't want have write permissions on every project on Alioths

If you do not want it feel free to ignore the option.

> and I
> don't see that others need write permissions to repos not in
> collab-maint. Submit a bug and a patch, just like everyone else.

I have no idea what everyone else is doing.  I simply know that it
happens from time to time that a quick commit to a repository is way
less effort than a detour via BTS and that it is common practice in some
teams I know.  It definitely helps if a DD did an NMU and commits the
changes to the relevant VCS.  This is not only kind for the maintaining
team this sometimes even helps a lot for inactive teams.

It also offered the option of some mass changes when debian/upstream
files in Debian Med and Debian Science where renamed into
debian/upstream/metadata files.  There was no need to add a new team
member who only wanted to do this change without doing some 200+x mass
bug filing which would have created *lots* of work for everybody.

If you need more examples for use cases of an option you are free
to ignore I can happily provide them.

Thanks for considering

     Andreas.

-- 
http://fam-tille.de

Reply to:

References:
- Changing the ACL policy for alioth projects (Was: Unable to push debian-jr changes)
  - From: Andreas Tille <andreas@an3as.eu>
- Re: Changing the ACL policy for alioth projects (Was: Unable to push debian-jr changes)
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: Re: aptitude has Priority: standard, why?
Next by Date: Re: Work-needing packages report for Mar 27, 2015
Previous by thread: Re: Changing the ACL policy for alioth projects (Was: Unable to push debian-jr changes)
Next by thread: Re: Changing the ACL policy for alioth projects (Was: Unable to push debian-jr changes)
Index(es):
- Date
- Thread