Re: Salsa group role for DDs; bulk update needed
- To: debian-science@lists.debian.org
- Subject: Re: Salsa group role for DDs; bulk update needed
- From: Andreas Tille <andreas@an3as.eu>
- Date: Wed, 6 Nov 2024 22:10:12 +0100
- Message-id: <[🔎] ZyvbNMHokbr2i8If@an3as.eu>
- In-reply-to: <CALF6qJks+L1tw3Jyi2a1Aeaahy7o=wDz4Wokrp+BfODpGRYU-Q@mail.gmail.com>
- References: <dfaff14d-7e1b-4c06-bb82-942037ebc08a@debian.org> <CALF6qJks+L1tw3Jyi2a1Aeaahy7o=wDz4Wokrp+BfODpGRYU-Q@mail.gmail.com>
Hi,
Am Fri, Oct 18, 2024 at 11:21:28AM +0200 schrieb Anton Gladky:
> thanks a lot for raising this! I totally agree with the proposal.
> The only problem is that gitlab API gives the email address which
> we can use to determine, whether the user is DD or not, is available
> only for payed version of gitlab [1]. If there are some other ways
> to get this information, please let me know.
Its actually not really granted that a DD is registered with the
@debian.org e-mail. So even if we would have that information its not
really helpful. I guess we could query debian-keyring instead.
> Otherwise, I am also OK to give all members the status maintainer.
Hmmm, I'm absolutely a fan of non-restrictive permissions. However
we have a lot of people who are actually not contributing and who
I'd rather would degrade to "docwriter" permissions. What about
querying teammetrics database:
teammetrics=# select * from (select name, count(*) as count from commitstat where project = 'debian-science' group by name order by count desc) tmp where count > 100;
...
127 rows
This could be done more fine grained for limiting the commits to the
last 5 years or so. Than we get the real contributors who are active
while we do not give more permissions to people who are inactive and
might not notice if their account might be hijacked.
Kind regards
Andreas.
> Am Fr., 18. Okt. 2024 um 10:12 Uhr schrieb Michael R. Crusoe
> <crusoe@debian.org>:
> >
> > TL;DR: request for a script/tool to audit & fix Salsa team roles; request for one of the Science team owners to run that script/tool.
> >
> > Hello,
> >
> > While helping out[0] a fellow Debian Developer (DD), I noticed that they had the wrong role in the "science-team" Salsa group.
> >
> > According to the Debian Science Team policy, "all Debian Developers [should] have at least Maintainer level of access".
> >
> > https://science-team.pages.debian.net/policy/#idm145
> >
> > It would be great if the following script/tool existed:
> >
> > 1. Grab the list of members of the Debian Science team from Salsa.
> > 2. Confirm which of these Salsa users are Debian Developers.
> > 3. For each Salsa user (member of the "science-team" Salsa group) who is a confirmed Debian Developer, ensure that they have the GitLab group role of "Maintainer" or higher.
> > 4. All other members of the "science-team" Salsa group (corresponding to Salsa users who are Debian Maintainers, or who are without formal membership in Debian) should have the GitLab role of "Developer".
> >
> > If someone can write or assemble that script/tool, they we can ask one of the Science team "owners" to run the script/tool to do a bulk fix of permissions
> >
> > List of owners of the "science-team" Salsa group: https://salsa.debian.org/groups/science-team/-/group_members?max_role=static-50
> >
> > [0] The DD had made a team upload, but they were unable to push their changes to the corresponding Package Repository as the "debian" branch was protected and limited to team members in the "Maintainers" role only. Personally I would be fine with allowing all Debian Maintainers to also push, but I don't know if that maps well to the GitLab roles. Currently the Debian Science Team policy is silent on the topic of protected branches beyond the statement that "[a]ll group members [should] have write access to all Package Repositories".
> >
> > Cheers
> >
> > --
> > Michael R. Crusoe
>
>
--
https://fam-tille.de
Reply to: