[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Alioth → Salsa

On Mon, Jan 29, 2018 at 06:08:47PM +0100, gregor herrmann wrote:
> Sharing
> =======
> 
> I wanted to make the repos accessible for all DDs, like we did on
> Alioth. It seems that the term for that is "sharing with group
> 'Debian'". And it seems that it's not possible to share a (sub)group
> but only individual projects, aka repositories.
> Or did I miss something?
> 
> This is of course painful to do for all future 3500 repos, and then
> for new repos, etc. And the API doesn't make it better:
> - sharing and unsharing is terribly slow (several seconds before the
>   call returns), in the back of my head I saw busy tiny persons
>   running through a PostgreSQL database and adding/removing all the
>   IDs ...
> - sharing/unsharing also has a delay, I had to wait for about a
>   minute until project_users showed the correct output
> - sharing/unsharing are not idempotent, i.e. sharing fails when the
>   project is already shared, unsharing fails if the project is not
>   shared. That's not insane per se, but there doesn't seem to be a
>   method to list current shares. In dpt-salsa I now check if the user
>   with id 1 (that's the salsa administrator) is a project user
>   *cough*
> 
> Unless I missed something, that's all a bit tedious. Maybe we should
> just forget about this sharing business?

Yeah, I don't think it's a bad thing to ask people to introduce themselves
on the list first anyway, even if they are DDs.
 
> Permissions
> ===========
> 
> AFAICS, access level "manager" is needed in a subgroup to allow the
> members to add new projects, i.e. push new repos, which is what we
> want. -- This seems to have the interesting side effect that all those
> "managers" get all "join requests" (in the To: header) :/ It sounds a
> bit unfortunate to send them to (in the future) 100 people.
> Did I miss something here?

Why not disable requests entirely and ask people to ask on the list
(which we already do, really).

> Join requests
> =============
> 
> I turned off the possibility to ask for membership on the top-level
> "debian-team" group and pointed to the "debian-team / modules"
> subgroup in the description.
> 
> Given the issue mentioned above (recipients) and the unhelpful mails
> generated by GitLab (user can't add a message to their request; no
> info who actually requests access in From or Subject; no possibility
> to reply or to find out user's email address; broken signature
> delimiter -- ok, that's just aesthetic), I'm wondering if we should
> turn off the join request feature and just point to the mailing list
> and/or homepage (like other teams already do).

Snap :)

Cheers,
Dominic
Reply to: